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About This Manual 


This manual describes how to configure and manage the network interfaces 
and network services, and solve problems that might arise on systems 
running the Tru64™ UNIX (formerly DIGITAL UNIX) operating system 
software. 


This manual assumes that the operating system software and the 
appropriate networking subsets are installed. 


Audience 


This manual is intended for system and network adminstrators responsible 
for configuring and managing network services. Administrators are 
expected to have knowledge of operating system concepts, commands, and 
configuration. It is also helpful to have knowledge of Transmission Control 
Protocol/l nternet Protocol (TCP/IP) networking concepts and network 
configuration; this manual is not a TCP/IP networking tutorial. 


New and Changed Features 


This manual has been revised to include the following: 
e An expanded overview of administrative methods 


e« Anew chapter on Internet Protocol Version 6 (IP v6), originally part of the 
Guideto Tru64 UNIX | Pv6, a new section on configuring an |Pv6 Domain 
Name System (DNS) master server, and updated sections throughout 
the manual to discuss where | Pv6 is supported 


¢ New sections on configuring authentication of DNS dynamic updates 
and zone transfers 


e New and updated sections about automatically and transparently 
mounting remote file systems with the AutoF S daemon 


e An updated section on IMAP mail to discuss changes related to its 
directory structure 


e« An updated section on administering and distributing alias information 
that describes new Sendmail support for LDAP servers 


¢« Updated sections throughout the manual on how to use the SysMan 
Menu to configure network components 


¢ Updated sections on problem solving tools 
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¢ Information that was previously included in the Re ease Notes 


Organization 


xxii 


This manual is divided into two parts and several appendices. Part 1, 
Chapters 1-14, contains management information and Part 2, Chapters 
15-18, contains problem solving information. The appendices contain 
supplemental information. 


The following list describes the contents of each chapter and appendix in 


more detail: 


Chapter 1 


Chapter 2 
Chapter 3 


Chapter 4 


Chapter 5 


Chapter 6 
Chapter 7 
Chapter 8 


Chapter 9 


Chapter 10 


Chapter 11 


Chapter 12 


Chapter 13 
Chapter 14 
Chapter 15 


Chapter 16 


Chapter 17 


About This Manual 


Describes the meaning of network administration and 
the components covered in this manual 


Describes thetasks to administer the basic network connections 


Describes the tasks to administer Internet Protocol 
Version 6 (IP v6) networks 


Describes the tasks to administer an Asychronous 
Transfer Mode (ATM) network adapter 


Describes the tasks to administer the Dynamic Host 
Configuration Protocol (DHCP) 


Describes the tasks to administer point-to-point connections 
Describes the tasks to administer Local Area Transport (LAT) 


Describes the tasks to administer the Domain 
Name System (DNS) 


Describes the tasks to administer the Network 
Information Service (NIS) 


Describes the tasks to administer the Network 
File System (NFS) 


Describes the tasks to administer the UNI X-to-UNIX 
Copy Program (UUCP) 


Describes the tasks to administer the Network 
Time Protocol (NTP) 


Describes the tasks to administer the mail environment 
Describes the Simple Network Management Protocol (SNMP) 


Describes how to diagnose network and network 
service problems 


Describes the various diagnostic tests available 
to help solve problems 


Describes how to test DNS servers and resolve 
DNS server problems 


Chapter 18 Describes how to report your problem to Compaq and 


the information you need to provide 


Appendix A Describes how to monitor the Ethernet, Fiber Distributed 


Data Interface (F DDI), and token ring network interfaces 
by using the netstat command 


Appendix B Describes how to write Automount and AutoFS maps 
Appendix C Contains two scripts you can copy for adding NIS slave servers 

to and removing NIS slave servers from an NIS domain 
Appendix D Contains NFS error messages and describes possible solutions 
Appendix E Contains uucp error messages and describes possible solutions 
Appendix F Contains sendmail error messages and describes 


possible solutions 


Appendix G Describes the Tru64 UNIX host MIB implementation, 


including sample data 


Appendix H Describes the format of DNS file entries 


Related Documents 


For more information about Tru64 UNIX networking and communications, 
see the following books: 


BIND Configuration File Guide 


Provides information about how to manually create and edit the 
named.conf configuration file on systems that use the DNS/BIND for 
address resolution. This document is availablein HTML format on the 
Tru64 UNIX Documentation CD-ROM. 


Command and Shel User's Guide 


Introduces users to the basic uses of commands and shells in the 
operating system. 


J OIN Server Administrator’s Guide by J oin Systems, Inc. 


Provides more detailed information about implementing the Dynamic 
Host Configuration Protocol in your network. This document can be 
accessed by opening the following file with a web browser: 


/usr/docfjoin/TOC.html 
Sendmail Installation and Operation Guide 


Provides additional information about using the sendmail command. 
This document is available in PDF format on the Tru64 UNIX 
Documentation CD-ROM. 


The sendmail guide by O’Reilly & Associates 
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Provides additional information about using the sendmail command. 
e« Request for Comments (RFC) 


Many sections of this book refer to RFCs (for example, RFC 1577) for 
more information about certain networking topics. These documents 
publicize Internet Standards, new research concepts, and status memos 
about the internet. You can access the full range of RFC documents and 
more information about the Internet Engineering Task Force (IETF) at 
the following URL: 


http://www.ietf.org 
e Best Practices 


Compaq Tru64 UNIX Best Practices describe additional concepts 
and tasks, for networking as well as other topics. You can find these 
documents at the following URL: 


http://www.tru64unix.compaq.com/faqs/publications/best_prac- 
tices 


Icons on Tru64 UNIX Printed Books 


The printed version of the Tru64 UNIX documentation uses letter icons on 
the spines of the books to help specific audiences quickly find the books that 
meet their needs. (You can order the printed documentation from Compaq.) 
The following list describes this convention: 


Books for general users 
Books for system and network administrators 


Books for programmers 


Books for device driver writers 


DUVDN QA 


Books for reference page users 


Some books in the documentation help meet the needs of several audiences. 
For example, the information in some system books is also used by 
programmers. Keep this in mind when searching for information on specific 
topics. 


The Documentation Overview provides information on all of the books in 
the Tru64 UNIX documentation set. 
Reader’s Comments 


Compaq welcomes any comments and suggestions you have on this and 
other Tru64 UNIX manuals. 


You can send your comments in the following ways: 
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Fax: 603-884-0120 Attn: UBPG Publications, ZK O03-3/Y 32 
Internet electronic mail: readers _comment@zk3.dec.com 


A Reader’s Comment form is located on your system in the following 
location: 


/usr/doc/readers_comment.txt 
Mail: 


Compaq Computer Corporation 
UBPG Publications Manager 
ZK 03-3/Y 32 

110 Spit Brook Road 

Nashua, NH 03062-2698 


A Reader’s Comment form is located in the back of each printed manual. 
The form is postage paid if you mail it in the United States. 


Please include the following information along with your comments: 


The full title of the book and the order number. (The order number is 
printed on the title page of this book and on its back cover.) 


The section numbers and page numbers of the information on which 
you are commenting. 


The version of Tru64 UNIX that you are using. 
If known, the type of processor that is running the Tru64 UNIX software. 


The Tru64 UNIX Publications group cannot respond to system problems 

or technical support inquiries. Please address technical questions to your 
local system vendor or to the appropriate Compaq technical support office. 
Information provided with the software media explains how to send problem 
reports to Compaq. 
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Conventions 


This document uses the following typographic conventions: 


2 
6 


$ 


file 


ls] 
aS 


cat(1) 


Return 


Ctrl/x 
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A percent sign represents the C shell system prompt. 
A dollar sign represents the system prompt for the 
Bourne, Korn, and POSIX shells. 


A number sign represents the superuser prompt. 


Boldface type in interactive examples indicates 
typed user input. 


Italic (slanted) type indicates variable values, 
placeholders, and function argument names. 


In syntax definitions, brackets indicate items that 
are optional and braces indicate items that are 
required. Vertical bars separating items inside 
brackets or braces indicate that you choose one item 
from among those listed. 


In syntax definitions, a horizontal ellipsis indicates 
that the preceding item can be repeated one or 
more times. 


A cross-reference to a reference page includes 
the appropriate section number in parentheses. 
For example, cat(1) indicates that you can find 
information on the cat command in Section 1 of 
the reference pages. 


In an example, a key name enclosed in a box 
indicates that you press that key. 


This symbol indicates that you hold down the 
first named key while pressing the key or mouse 
button that follows the slash. In examples, this 
key combination is enclosed in a box (for example, 


Ctrl/C}). 


Part 1 


Management Information 


1 


Overview to Network Administration 


Network administration comprises those tasks that deal with setting up and 
configuring network interfaces, software, and daemons, and those tasks that 
deal with the day-to-day management of those interfaces, software, and 
daemons, including solving problems that might arise. 


This manual describes the administration of the following: 


¢ Basic network connections, including Ethernet, Token Ring, and Fiber 
Distributed Data Interface (F DDI) interfaces, automatic network 
adapter failover (NetRAIN), and network daemons 


e Internet Protocol Version 6 (IP v6) 
e Asynchronous Transfer Mode (ATM) 
¢ Dynamic Host Configuration Protocol (DHCP) 


¢ Point-to-point connections, including Serial Line| nternet Protocol (SLIP) 
and Point-to-Point Protocol (PPP) 


¢« Local Area Transport (LAT) 

« Domain Name System (DNS) 

¢ Network Information Service (NIS), formerly named Yellow Pages 
¢ Network File System (NFS) 

e UNIX-to-UNIX Copy Program (UUCP) 

¢ Network Time Protocol (NTP) 

¢ Mail environment 

¢ Simple Network Management Protocol (SNMP) 


Day-to-day management varies with each network service, as each one 
provides different capabilities. Typically, management involves making 
small changes and adjustments, such as adding user accounts, mounting 
remote file systems or directories, obtaining status information, and setting 
up automatic maintenance scripts. Each chapter in Part 1 of this book 
describes a specific task, presenting the generic steps required to perform 
the task followed by examples and additional information. 


In addition to the day-to-day management of the network and network 
services, this manual contains information to help you solve problems that 
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might occur. Problem solving is handled as a separate part of administration 
because it is not something that you have to do every day. 


Unlikethe administration chapters, problem-solving chapters are structured 
according to specific problems. Within each problem section are the steps to 
resolve the problem. 


The key to successful problem solving is in isolating the source of the 
problem. Frequently, complex networks and interactions between network 
services make this difficult to do. If you encounter a problem, whether by 
error message or event (for example, slow response), do the following: 


1. Check your system, its network interface, and connections to the 
network. 


2. Check the network and your system’s ability to reach a remote system. 


Most problems can be solved after you perform these two steps. If not, go to 
the appropriate problem-solving section and follow the steps. 


1.1 Administrative Methods 


The following sections provide a brief overview of the methods for 
administering networking components in the operating system. As explained 
in Section 1.1.4, it is best to not to edit configuration files manually for 
network configuration tasks. Instead, it is highly recommended that you use 
the SysMan Menu utility whenever possible. 


1.1.1 SysMan Menu 


The SysMan Menu utility enables you to administer your system locally via 
a graphical user interface or command-line interface, or even remotely via 
the World Wide Web. It provides a single, hierarchical menu interface that 
allows you to quickly find and invoke suitlets (integrated utilities) to perform 
the most common management tasks. 


In this manual, wherever the SysMan Menu utility is mentioned in relation 
to configuration tasks, it is presumed that you know how to invoke it. To 
invoke the SysMan Menu utility from CDE, do the following: 

Select the Application Manager icon on the CDE front panel. 

Select the System_Admin application group icon. 

Select the SysMan Menu. The SysMan Menu is displayed and lists 

various system management tasks. 


If you are not using CDE, you can invoke the SysMan Menu in one of the 
following ways: 
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# /usr/sbin/sysman 
From a character-cell terminal or terminal window, for curses mode, enter: 
# sysman -ui cui 


Once you invoke the SysMan Menu, double-click on menu items to select 
them. Or, on a system without graphics capabilities, use the arrow keys and 
the Enter key to select items. Many menu items will expand to offer more 
choices. Navigate the menu until you find the desired suitlet. 


In Figure 1-1, the user selects the Basic Network Services menu item, which 
expands to reveal the suitlets for configuring network adapters and other 
basic networking components. 


Figure 1-1: SysMan Menu 


Tru64 UNIX system management tasks: 


nchr 
Network Inter 


| Select | Find... Help On Item 


Exit Options... | Help 


To exit the SysMan Menu, select Exit. On a system without graphics 
capabilities, use the Tab key to move the cursor to Exit, then press the Enter 
key. 


For more information about the SysMan Menu, see the Systen 
Administration manual, sysman(8), and the online help. 


1.1.1.1 Quick Setup 


The SysMan Menu includes a Quick Setup utility that you can use to 
configure basic components and services on a client system. The Quick 
Setup utility starts automatically when the system boots following a full 
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installation of the operating system. However, to use the utility at any time, 
invoke the SysMan Menu and select General Tasks—Quick Setup, or enter 
the following command on a command line: 


# /usr/bin/sysman quicksetup 


The Quick Setup utility, as shown in Figure 1-2, is displayed. 


Figure 1-2: Quick Setup 


Quick Setup helps you set up a typical UNIX system. 


It leads you step by step through the following common tasks: 


Step 1: Enter basic license information 

Step 2: Set up the systemn’s Network Interface Card (NIC) 
Step 3: Set up network routing services 

Step 4: Specify a Domain Name Service (DNS/BIND) server 
Step 5: Specify a Network Time Protocol (NTP) server 

Step 6: Specify a Network Information Service (NIS) server 
Step 7: Set up Network File Systern (NFS) services 

Step 8: Specify an E-Mail server 


Step 9: Specify a default printer and its server 


You can skip any step. No action is performed until you review 
and approve a summary of the setup at the end of Quick Setup. 


Select "Details..." to gee the information Quick Setup requests. 


Select "Next >" to start setting up this system. 


| Next > | | Details... | Cancel | Help 


The utility leads you through the displayed configuration steps, many 
of which prepare your system for operation on a network. Enter the 
information for each step of the process and select Next to display the 
subsequent step. You can move back and forth through the steps if you 
have missed something. No information is saved until you confirm the 
configuration by selecting Finish in the last step. 
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If necessary, you can configure additional components or modify your 
configuration after you use the utility. For moreinformation about the Quick 
Setup utility, see the online help. 


1.1.1.2 Network Wizard 


The SysMan Menu also includes a Network Wizard utility that you can 
use to configure network components on your system. As diScussed in 
Section 2.3, you can invoke the configuration suitlets through the SysMan 
Menu to configure basic network services on an individual basis, or you can 
use the Network Setup Wizard, which leads you step-by-step through the 
setup process for all of the basic network services. 


To use the Network Wizard, invoke the SysMan Menu and select 
Networking—>Network Setup Wizard, or enter the following command on 
a command line: 


# /usr/bin/sysman net wizard 


The Network Wizard utility, as shown in Figure 1-3, is displayed. 
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Figure 1-3: Network Wizard 
Network Setup Wizard 


Network Setup helps you set up the network configuration for your UNIX 
system. 


It leads you step—by—step through the following networking tasks: 


Step 1: Set up Network Interface Card(s) 

Step 2: Set up static routes (/etc/routes) 

Step 3: Set up routing services (gated, routed, IP router) 
Step 4: Set up hosts file (/etc/hosts) 

Step 5: Set up hosts equivalency file (/ete/hosts.equiv) 
Step 6: Set up remote who services (rwhod) 

Step 7: Set up the system asa DHCP server (joind) 

Step 8: Set up networks file (/ete/networks) 


No action is performed until you select finish at the end of Network Setup. 


Select "Details..." to gee the information Network Setup requests. 


Select "Next >" to start setting up this system. 


| Next > | | Detaite. | Cancel | Help 


The utility leads you through the displayed configuration steps. Enter 
the information for each step of the process and select Next to display the 
subsequent step. You can move back and forth through the steps if you 
have missed something. No information is saved until you confirm the 
configuration by selecting Finish in the last step. 


If necessary, you can configure additional components or modify your 
configuration after you use the utility. For more information about the 
Network Wizard utility, see the online help. 


1.1.1.3. Command-Line Integration 


The SysMan Menu allows you to access and manipulate many configuration 
options directly from the command line. This feature is particularly useful 
for administrators who want to create site-specific shell scripts to perform 
configuration tasks. 
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To use the command-line interface, invoke the sysman -cli command. For 
the command's arguments, specify the component and group on which you 
want to operate and the action you want to perform. 


For example, suppose you want to list all of the entries in the /etc/hosts 
file. You would enter the following command: 


# sysman -cli -list val -comp networkedSystems \ 
-group hostMappings 


You could also add a host to the file by entering this command: 


# sysman -cli -add row -comp networkedSystems \ 
-group hostMappings -data "{queen} \ 
{DNS server} {18.240.32.40} {queen.abc.xyz.com}" 


You can even change an existing value in the file, like an |1P address, as 
follows: 


# sysman -cli -set val -comp networkedSystems \ 
-group hostMappings -attr networkAddress="18.240.32.45" \ 
-keyl queen.abc.xyz.com -key2 18.240.32.40 


For more information about this command line interface for the SysMan 
Menu, see the Systen Administration guide and sysman_c1i(8). 


1.1.2 Compaq Insight Manager 


Compaq Insight Manager is a Web-based system management utility. It 
consists of two different components: the Management Agents, which run 
on many different operating systems (including Tru64 UNIX), and the 
Management Console, which runs exclusively on Microsoft Windows NT. 


By enabling the Compaq Management Agents on your Tru64 UNIX systems, 
you can provide a conduit for communication between these systems and the 
Web. Once enabled, this conduit allows you to access information about the 
configuration of your systems and their peripherals from a web browser on 
any system. In some J ava-enabled web browsers, you can also invoke the 
SysMan Menu through this interface to manage these systems. 


Figure 1-4 shows an example of using the Management Agents to obtain 
statistics for an Ethernet network adapter. 
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Figure 1-4: Compaq Management Agents 
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Using the Compaq Insight Manager XE Management Console, you can 
view and manage your systems as well as many standalone devices (Such 

as printers, routers, and more) on your network. The Management Console 
is especially useful for managing heterogeneous environments, as it can 
communicate with the Management Agents for all of the supported operating 
systems and environments. 


For more information about Compaq Insight Manager, see 
insight manager(5) and the Systen Administration guide. 


1.1.3 Other Interfaces 


The operating system includes alternative system administration 
applications, some that require graphics capabilities and others that allow 
you to configure your system from the command line. This book mentions 
these optional utilities, when available, in relation to specific configuration 
tasks. 


See Chapter 2 of the Systen Administration guide for a comprehensive list 
of the utilities that are available. See the reference pages and online help for 
more information about each utility. 
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1.1.4 Manually Editing Configuration Files 


Some sections of this book describe the system files that are updated or 
modified when you perform an administrative task. Experienced UNIX 
administrators might prefer to administer their systems by manually editing 
these files, as opposed to invoking the documented utility; however, it is 
strongly recommended that you use the appropriate utilities to update the 
system files so that the structure of these files is preserved. 


Important considerations are: 
¢« Context-Dependent Symbolic Links (CDSLs) 


Many system files now exist as special symbolic links (CDSLs) created to 
facilitate TruCluster Server clusters. The links are transparent to most 
users, but if the links are broken, the system cannot join a cluster in the 
future without recreating them. This manual mentions a few of the 
CDSLs, especially when you must create them manually. See the hier(5) 
reference page for a complete list of the CDSLs in the file system. See 
the System Administration guide for more information. 


¢ Binary databases, configuration definitions 


Many system components write data to both text and binary files, and 
their administrative utilities often recreate the binary files. Other 
system information is often preserved so that when you update your 
system, it can be recovered and reused, saving you time and effort. 


e Latent support for clusters 


Individual systems are capable of joining TruCluster Server clusters, 
and many system files have been modified to provide latent support for 
clusters. For example, the rc. config file now has two related files, 
re.config.common and rc.config.site, which can store run-time 
configuration variables. Altering these files with the rcmgr utility 
ensures the integrity and consistency of these files. 


¢ Update installation 


During the update installation process, changed information is merged 
into existing system files. The .new..* and .proto. . * files might 
be important in this process. Refer to the Installation Guide for more 
information. 


In many cases, the SysMan Menu utility is the best alternative to manually 
editing system files, thus it is the utility that is most frequently covered 
in this manual. 


1.1.5 Installation and Configuration Cloning 


The operating system includes two features, Installation Cloning and 
Configuration Cloning, that allow you to minimize the amount of manual 
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intervention that is necessary to install and configure systems. These 
features are particularly useful if you need to set up many identical systems 
in the same way, because they allow you to capture the configuration of a 
working system in configuration description files (CDFs) and use those files 
to install and configure subsequent systems. 


See the Installation Guide — Advanced Topics guide for more information. 
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Basic Network Connections 


This chapter describes the basic Tru64 UNIX network environment, 
including how to configure: 


Ethernet 

Token Ring 

Fiber Distributed Data Interfaces (F DDI) 
Automatic network adapter failover (NetRAIN) 


Various network daemons in order to operate in a TCP/IP network 
environment 


Note 


This chapter discusses the configuration of network interfaces 
in an IPv4 environment. All references to|P and TCP/IP are 
|Pv4-specific. For information about configuring IPv6 ina 
network environment, see Chapter 3. 


In addition, this chapter describes some of the commands you can use to 
monitor the network environment. 


For information about ATM and point-to-point connections, see Chapter 4 
and Chapter 6, respectively. 


For troubleshooting information, see Section 15.3. 


2.1 Network Environment 


Figure 2-1 shows a sample corporate network in which there is an Ethernet 
backbone and an FDDI or Token Ring network connected to it through a 
gateway. 
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Figure 2-1: Sample Network Configuration 


Ethernet 


Gateway 


ZK-1147U-Al 


2.2 Preparing for the Configuration 


You configure the network components by using the Network Configuration 
application. The following sections contain worksheets that you can use to 
record the information required to configure the network components. 


2.2.1 Information for Interfaces and Daemons 


Figure 2-2 shows the Interface and Daemon Worksheet. The following 
sections explain the information you need to record on this worksheet. If you 
are viewing this manual online, you can use the print feature to print a 
copy of the worksheet. 
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Figure 2-2: Interface and Daemon Worksheet 


Interface and Daemon Worksheet 


All Network Interfaces 
Adapter name: 
Hostname: ___—CS<‘(CO 
Internet address source: DHCP server User supplied [_] 
Internet address: 
Network mask: 
Token Ring interface 
Adapter speed: 
NetRAIN interface 
Set members: 
rwhod Daemon 


rwhod: Yes [-] No [_] 
Flags: Broadcast only Listen only Both [_] 


routed Daemon 


routed: Yes No [ 
Flags: [_] Run routed on gateway host 
[_] Write all packets to standard output 
L_] Log additional information 
RIP data: Supply[_] Run quietly[_] 
Gateways File 


Destination type: Net Host [_] 
Destination: 
Gateway: 
Hop count: _ 
Route type: External[_] Passive Active [_] 


gated Daemon 


gated: Yes No [ 
Configuration file: 


IP Router 
IP router: Yes [_] No 


2.2.1.1 All Network Interfaces 
Adapter name 


The device names of the network interfaces. The following table 
contains a list of selected network interfaces that the operating system 
supports: 
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Interface Device Name 


Ethernet le 
in 
tu 
xa 

Fiber Distributed Data faa 

Interface (F DDI) fFta 
fza 

Gigabit Ethernet alt 

Token Ring tra 


Note that if you configuring a NetRAIN interface, as documented 
in Section 2.4, the adapter name is the virtual device name of your 
NetRAIN set (nr). 


Host name 


The fully qualified host name assigned to your system. A fully qualified 
host name contains the host name and the domain name, with host 
name and each level of the domain name separated by a period (.). Ask 
the network administrator for a unique host name. 


Internet address source 


The source of your system’s network address for Ethernet, FDDI, 

and NetRAIN interfaces only. If your network uses a Dynamic Host 
Configuration Protocol (DHCP) server to assign IP addresses to 
systems at boot time, check the DHCP server box. If you plan to assign 
an IP address and network mask as part of system configuration, check 
the User supplied box. 


Internet address 


The! nternet Protocol (IP) address of your system. If you are going to 
supply your own IP address, write it in this space. If you will be using 
DHCP to assign IP addresses on a temporary basis, leave this space 
blank. 


If you do not have a designated IP address for your network, you need 
to obtain one from one of the following services. Then, after you receive 
your network’s address, assign a unique |P address and host name 

to each system on your network. 


To obtain an Internet address for your network, contact: 


American Registry for Internet Numbers 
4506 Daly Drive, Suite 200 
Chantilly, VA 20151 
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Voice: (703) 227-0660 

FAX: (703) 227-0676 

Email: reg-servicesGarin.net (for general information) 
hostmaster@arin.net (for 1P address registrations) 

WWW: http:/Awww.arin.net 


In Europe, you can contact: 


RIPE Network Coordination Center 
Singel 258 

1016 AB Amsterdam 

The Netherlands 


Voice: +31 20 535 4444 
FAX: +31 20 535 4445 


E-mail: ncc@ripe.net (for general information) 
hostmaster@ripe.net (for 1P address registrations) 
WWW: http:/Wwww.ripe.net 


In Asia and the Pacific region, you can contact: 


Asia Pacific Network Information Center 
Level 1, 33 Park Road 

P.O. Box 2131 

Milton, QLD 4064 

Australia 


Voice: +61 7 3367 0490 
FAX: 461 7 3367 0482 


E-mail: info@apnic.net (for general information) 
hostmaster@apnic.net (for IP address registrations) 
WWW: http:/Awww.apnic.net 


Note 


It is a good idea to register your network even if you do 
not intend to connect to the Internet network. Then, if you 
decide to connect to the Internet network later, you will not 
have to change all the host addresses on your network. 


Network mask 


Your network’s subnet mask. Subnetworks allow the systems on a 
local area network (LAN) to be known by one address to the Internet 
network, while being known locally by a set of addresses. Subnetworks 
can represent logical groupings of hosts, or different physical networks. 
If your network uses subnetwork routing, each system on the network 
must have the same subnet mask defined. Use the following table to 
help identify your subnet mask. If you are not using subnetworks, 
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the n is zero (0); otherwise, the n is greater than zero and less than 
or equal to 255. 


Class IP Address Range Subnet Mask 
A 0.0.0.0 to 127.0.0.0 255. n.n.n 

B 128.0.0.0 to 191.0.0.0 255.255. n.n 
C 192.0.0.0 to 223.0.0.0 255.255.255. n 


If you are connecting your system to an existing network that is using 
subnetwork routing, ask the network administrator for the correct 
subnet mask. 


2.2.1.2 Token Ring Interface 
Adapter speed 


If your system supports token ring, the speed of your system’s token 


ring adapter. Two speeds are supported: 4Mb/s and 16Mb/s. The 
default speed is 16Mb/s. 


2.2.1.3 NetRAIN Interface 


NetRAIN interfaces provide higher availability on systems that contain 
multiple network adapters. See Section 2.4 for more information. 


Set members 


The device names of the network interfaces that are part of the 
NetRAIN set. When one interface in the set ceases to function, 
NetRAIN will fail over to another interface on this list. 


2.2.1.4 rwhod Daemon 


The rwhod daemon maintains the database that is used by the rwho and 


ruptime programs. These programs provide basic information about the 
system and its current users to users on remote systems. 


rwhod 


If you want to run the rwhod daemon, check Yes; otherwise, check No. 


Running the rwhod daemon allows you to use the rwho and ruptime 
commands. 


Flags 


If the rwhod daemon is to send rwho packets and ignore incoming 
packets, check Broadcast Only. If the daemon is to collect incoming 
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packets, but not broadcast rwho packets, check Listen Only. If the 
daemon is to do both, check Both. 


See rwhod(8) for additional information. 


2.2.1.5 routed Daemon 


The routed daemon allows your system’s internal routing tables for the 
Routing Information Protocol (RIP) to be updated automatically. 


routed 


If you want to run the routed daemon, check Yes; otherwise, check 
No. Use the routed daemon to manage your routes dynamically 
only if your network and system requirements match the criteria in 
the following table: 


Criterion Type or Value 


Size of network Medium to large Local Area Network or Wide 
Area Network, with multiple subnets 


Network Topology Variable 


Number of routes required Loopback, network interface route, 
and many others 


Routers advertising routes Yes 
Configuration complexity Low 


System overhead Low 


You can choose to run the routed daemon or gated daemon, but not 
both. For more information about these daemons and static routing, 
see the Best Practice for Network Routing at the following URL: 


http://www.tru64unix.compaq.com/faqs/publications/best_prac- 
tices 
Flags 


Specifies how you want the routed daemon to run. You can run the 
routed daemon on a gateway host, write all packets to standard 
output, or log debugging information. Check the options you want. See 
routed(8) for more information. 


RIP data 


If the routed daemon is to supply RIP information, check Supply; 
otherwise, check Run Quietly. 
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2.2.1.6 Gateways File 


The gateways file contains Internet routing information for the routed 
daemon. Specify the following parameters for the file: 


Destination Type 
If the route is to a network, check Net. If the route is to a specific 
host, check Host. 

Destination 


The destination name or |P address (in dotted-decimal format). 


Gateway 


The name or IP address of the gateway host to which messages will 
be forwarded. 


Hop count 


The hop count, or number of gateways, from the local network to the 
destination network. 


Route type 


If the gateway is expected to exchange RIP routing information, check 
Active. If the gateway is not expected to exchange routing information, 
check Passive. If the gateway is to notify routed that another routing 
process will install the route (it is not advertised through RIP), check 
External. 


See gateways(4) for additional information. 


2.2.1.7 gated Daemon 


The gated daemon allows your system's internal routing tables for various 
routing protocols to be updated automatically. 


gated 


If you want to run the gated daemon, check Yes; otherwise, check 
No. Use the gated daemon to manage your routes dynamically only 
if your network and system requirements match the criteria in the 
following table: 


Criterion Type or Value 
Size of network Medium to large, with multiple subnets 
Network Topology Variable 
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Criterion 


Type or Value 


Number of routes required 


Routers advertising routes 
Configuration complexity 
System overhead 


System role 


Loopback, network interface route, 
and many others 


Yes 
Moderate to high 
Low 


Host, router, or cluster member 


You can choose to run the gated daemon or routed daemon, but not 
both. For more information about these daemons and static routing, 
see the Best Practice for Network Routing at the following URL: 


http://www.tru64unix.compaq.com/faqs/publications/best_prac- 


tices 


Configuration file 


The name of an alternate configuration file. By default, the gated 
daemon uses the /etc/gated.conf file. 


2.2.1.8 IP Router 


An IP router is a gateway host connected to more than one TCP/IP network 
that receives and forwards packets between the networks. 


You can configure your system as an IP router if you have more than one 
network interface installed and configured. In addition, you must have 
configured either the routed or the gated daemon. 


IP router 


If you want the system to run as an IP router, check Yes; otherwise, 


check No. 


2.2.2 Information for Network Files 


Figure 2-3 shows the Network Files Worksheet. The following sections 
explain the information you need to record on this worksheet. If you are 
viewing this manual online, you can use the print feature to print a copy 


of the worksheet. 
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Figure 2-3: Network Files Worksheet 


Static Routes File (/etc/routes) 
Destination type: Default gateway [_] Host [__] Network 
Destination: 
Route via: Gateway [_] Interface 
Gateway: 
Hosts File (/etc/hosts) 
Host name: 
Internet address: 


Alias: 


Hosts Equivalencies File (/etc/hosts.equiv) 
Host name: 


User name: 

Networks File (/etc/networks) 
Network name: 
Network address: 
Alias: 


2.2.2.1 Static Routes File (/etc/routes) 


The routes file specifies static routes that will be added to your system's 
internal routing tables when the system boots. 


Use static routes only if your network and system requirements match the 
criteria in the following table: 


Criterion Type or Value 
Size of network Small LAN (hosts and one gateway/router ) 
Network Topology Stable 
Number of routes required Loopback, network interface route, and 
a few others 
Routers advertising routes No 
Configuration complexity Low 
System overhead None 


For moreinformation about static routing, as well as the gated and routed 
daemons, see the Best Practicefor Network Routing at the following URL: 


http://www.tru64unix.compaq.com/faqs/publications/best_practices 


If you choose to use static routes, specify the following parameters for the 
routes file: 
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Destination type 


The specific path, as stored in the /etc/routes file, from your system 
to another host or network. A static route is not updated by network 
software. If you want to route to a default gateway, check Default 
Gateway; toa host, check Host; or toa network, check Network. 


Destination 


The name or IP address of the route destination. For default gateway, 
the default destination is default. 


Route via 


If you are routing through a gateway, check Gateway. If you are routing 
through an interface, check Interface. 


Gateway 


The name or IP address of the gateway or interface. 


See routes(4) for additional information. 


2.2.2.2 Hosts File (/etc/hosts) 


The hosts file contains critical address information for the known hosts on 
the network. Specify the following parameters for the file: 


Host name 


The names of other hosts on the network to be added to the 
/etc/hosts file. 


If your network is running a distributed database lookup service 
(DNS/BIND or NIS), you do not need to list each host on your network 
in your /etc/hosts file. However, it is a good idea to list four or five 
systems on the network designated as DNS/BIND or NIS servers in 
your /etc/hosts file. 


Internet address 


The IP addresses of other hosts on the network to be added to the 
/etc/hosts file. 


Alias 


The aliases, if any, of other hosts on the network to be added to the 
/etc/hosts file. 


See host s(4) for additional information. 


Basic Network Connections 2-11 


2.2.2.3 Hosts Equivalencies File (/etc/hosts.equiv) 


The hosts. equiv file contains the names of remote systems and users that 


can execute commands on the local system. Specify the following parameters 
for the file: 


Host name 


The name of the trusted hosts to be put in the /etc/hosts. equiv file. 


Systems listed in the /etc/hosts. equiv file are logically equivalent 
to, and therefore treated exactly the same as, the local system. 


Setting up an /etc/hosts.equiv file is optional but, if you choose to 
have one on your system, you need to create it and add the names of 
any trusted hosts. 

User name 


The name of a user on a trusted host. 


See hosts. equiv(4) for additional information. 


2.2.2.4 Networks File (/etc/networks) 


The networks file contains information about the known networks that 
your system needs to access. Specify the following parameters for the file: 
Network name 


The official Internet name of the network. 
Network address 
The IP address of the network. 


Alias 


The unofficial names used for the network to be added to the 
/etc/networks file. 


See net works(4) for additional information. 


2.3 Configuring the Network Components 


Use the SysMan Menu application of the Common Desktop Environment 


(CDE) Application Manager to configure the following network components 
on your system: 


Network interfaces (Ethernet, FDDI, and Token Ring) 
Remote who service (rwhod daemon) 
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¢ Routing services (routed daemon, gated daemon, IP router) 
e Static routes file (/etc/routes) 

¢ Hosts file (/etc/hosts) 

¢« Host equivalent file (/etc/hosts. equiv) 

e Networks file (/etc/networks) 


To invoke the SysMan Menu application, follow the instructions in 
Section 1.1.1. See the same section for information about time-saving 
alternatives for configuration tasks. 


2.3.1 Configuring Network Interfaces 


Use the following procedure to configure Ethernet, FDDI, or Token Ring 
network interfaces. For information about how to configure NetRAIN, see 
Section 2.4. 


Note 


If you are configuring a system that is new to this environment, 
verify that the network adapter mode is set correctly at the 
console level before continuing. For example, if you have a 
10base2 Ethernet network and your system is configured to use 
10baseT Ethernet, your system fails to see the network until you 
set the appropriate console variable. See the prerequisite tasks for 
a full installation in the Installation Guide for more information. 


1. Fromthe SysMan Menu, select Networking—Basic Network 
ServicesSet up Network Interface Card(s) to display the Network 
Interface Card (NIC) dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman interface 


All network adapters that are installed on the system are listed in the 
dialog box. 


2. Select the network adapter that you would like to configure. The dialog 
box for the selected interface is displayed. 


3. Enter the name for the interface in the Host Name field. 


To configure an Ethernet interface, do the following: 
a. Toobtain the!IP address data from the DHCP server, select the Use 
DHCP radio button. Otherwise, select the User Supplied Value 


radio button and enter the IP address and network mask data in 
the appropriate fields. 
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b. Select the Additional Flags button to display the Additional Flags 
dialog box, which shows advanced configuration parameters for the 
selected interface. 


c. Select the check boxes and radio buttons for the other interface 
options that you want to enable and enter values where necessary 
for optional ifconfig arguments. 


d. Gotostep 7. 
5. Toconfigure an FDDI interface, do the following: 


a. If you areto obtain the|P address data from the DHCP server, 
select the Use DHCP radio button. Otherwise, select the User 
Supplied Value radio button and enter the |P address and network 
mask data in the appropriate fields. 


b. Select the Additional Flags button to display the Additional Flags 
dialog box, which shows advanced configuration parameters for the 
selected interface. 


c. Select the check boxes and radio buttons for the interface options 
that you want to enable and enter values where necessary for 
optional ifconfig arguments. 


d. Gotostep 7. 
6. To configure a Token Ring interface, do the following: 


Enter the IP address for the host device in the |P Address field. 
Enter the mask variable for the interface in the Network Mask field. 


c. Select the Additional Flags button to display the Additional Flags 
dialog box, which shows advanced configuration parameters for the 
selected interface. 


d. Select the check boxes and radio buttons for the interface options 
that you want to enable and enter values where necessary for 
optional ifconfig arguments. Select the appropriate adapter 
speed: 4 or 16. 


e Gotostep 7. 
7. Select OK to validate the parameters you entered and to close the 


Additional Flags dialog box. The dialog box for the adapter you are 
configuring is displayed. 


8. Select OK to validate the configuration for network interface and close 
the dialog box for the adapter. The NIC dialog box is displayed. 
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9. Repeat steps 2 through 8, if necessary, to configure additional adapters; 
otherwise, select OK start network services and apply your changes 
now. The system applies the changes and closes the NIC dialog box. 


You can also use the NIC dialog box to modify and deconfigure network 
interfaces. See the online help for more information. 


Note 


Once a system is configured to use the network for the 

first time, CDE becomes network-dependent, and it might 
function inconsistently if network services become unavailable. 
Therefore, if you modify or deconfigure the network interface 

on a system with only one interface, your system might be left 

in a unpredictable state. For this reason, it is best to reboot 
immediately after modifying the network interface to prevent 
problems. Furthermore, if you deconfigure the network interface, 
you must configure a new network interface to replace it before 
rebooting. 


2.3.2 Configuring the rwhod Daemon 
To configure the rwhod daemon, do the following: 


1. Fromthe SysMan Menu, select Networking—Basic Network 
Services—+Set up remote who services (rwhod) to display the Remote 
Who dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman rwhod 


The utility asks if you want to run the remote who service on your 
system. 


Select the Yes radio button to enable the remote who service. 
Select the appropriate rwhod flag radio button. 


Select OK to save the changes. The utility notifies you that the changes 
are saved and asks if you want to apply the changes now. 


5. Select Yes to apply your changes now, or select No to close the Routing 
Services dialog box and apply the changes the next time you reboot 
your system. 


6. Select OK todismiss the informational message and to close the Remote 
Who dialog box. 


You can also use the Remote Who dialog box to disable the rwhod daemon. 
See the online help for more information. 
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2.3.3 Configuring the routed Daemon 


To configure the routed daemon, do the following: 


1. 


From the SysMan Menu, select Networking—Basic Network 
Services—Set up routing services (gated, routed, |P Router) to display 
the Routing Services dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman routing 


The utility displays a list of options you can use to configure the gated 
and routed daemons and to set up your system as an |P router. 


Select Yes (use routed) radio button to enable the routed daemon. 


Select the appropriate checkbox if you want to run your system as an IP 
router. 


Select the appropriate check box if you want torun the routed daemon 
on a gateway. 


Select the Supply RIP Data radio button if you want the routed 
daemon to run on a gateway host and supply Routing Information 
Protocol (RIP) data. Select the Run Quietly radio button if you do not 
want the routed daemon to supply RIP information. 


Select the Configure Gateways button to display the Gateways dialog 

box. Do the following: 

a. Select Add to add a new gateway. The Add/Modify dialog box is 
displayed. 


b. Inthe Destination Type field, select the Network radio button if the 
destination is a network. Select the Specific Host radio button if 
the destination is a host. 


c. Enter the destination name, IP address, or “default” in the 
Destination field. 


d. Enter thename or IP address of the gateway host in the Gateways 
field. 


e. Enter the hop count in the Hop Count field. 
f. Select one of the Gateway Type radio buttons. 


g. Select OK to validate the information you entered and close the 
Add/M odify dialog box. Repeat steps a through g for additional 
gateways. 


h. Select OK to save the changes and close the Gateways dialog box. 
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Select OK in the Routing Services dialog box to save the changes. The 
utility displays a dialog box to confirm the changes and to ask if you 
want to start the daemon now. 


Select Yes to start the daemon and apply your changes now, or select 
No to close the Routing Services dialog box and apply the changes the 
next time you reboot your system. 


If you choose Yes, you are informed that the daemon is running. Select 
OK todismiss the message and to close the Routing Services dialog box. 


You can also use the Routing Services dialog box to disable the routed 
daemon. See the online help for more information. 


See the routed(8) and gateways(4) reference pages for more information 
about the routed daemon and the gateways file. 


2.3.4 Configuring the gated Daemon 


To configure the gated daemon, do the following: 


1. 


5. 


From the SysMan Menu, select Networking—Basic Network 
Services—Set up routing services (gated, routed, |P Router) to display 
the Routing Services dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman routing 


The utility displays a list of options you can use to configure the gated 
and routed daemons and to set up your system as an |P router. 


Select the Yes (use gated) radio button to enable the gated daemon. 


Select the appropriate check box if you want to run your system as 
an IP router. 


Enter the file name of the gated configuration file in the Configuration 
File field. 


Note 


To configure the gated daemon, you must set up 

the /etc/gated.conf file in the format specified in 
gated.conf(4). A default /etc/gated.conf fileis provided 
when you install the software. 


Select OK in the Routing Services dialog box to save the changes. A 
dialog box is displayed to confirm the changes and to ask if you want 
to start the daemon now. 
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Select Yes to start the daemon and apply your changes now, or select 
No to close the Routing Services dialog box and apply the changes the 
next time you reboot your system. 


If you choose Yes, you are informed that the daemon is running. Select 
OK todismiss the message and to close the Routing Services dialog box. 


You can also use the Routing Services dialog box to disable the gated 
daemon. See the online help for more information. 


See the gated(8) and gated. con£(4) reference pages for more information 
about the gated daemon and the gated. conf file. 


2.3.5 Configuring the System as an IP Router 


In order to function as an IP router, your system must have two network 
interfaces installed and configured and must have the routed or gated 
daemon configured. To configure the system as an IP router, dothe following: 


1. 


From the SysMan Menu, select Networking—Basic Network 
Services—Set up routing services (gated, routed, |P Router) to display 
the Routing Services dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman routing 


The utility displays a list of options you can use to configure the gated 
and routed daemons and to set up your system as an |P router. 


Select the appropriate check box to run your system as an |P router. 


Select OK to save the changes. A dialog box is displayed to confirm 
the changes and to ask if you want to start or restart the routed or 
gated daemon. 


Select Yes to start the daemon and apply your changes now, or select 
No to close the Routing Services dialog box and apply the changes the 
next time you reboot your system. 


If you choose Yes, you are informed that the daemon is running. Select 
OK todismiss the message and to close the Routing Services dialog box. 


You can also use the Routing Services dialog box to deconfigure the system 
as an IP router. See the online help for more information. 
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2.3.6 Configuring the Static Routes File 


To configure the routes file, you add entries (static routes) tothe routes 
file. Do the following: 


1; 


From the SysMan Menu, select Networking—Basic Network 
Services—Set up static routes (/etc/routes) to display the Static Routes 
dialog box. 


Alternatively, enter the following command on a command line: 

# /usr/bin/sysman route 

Select Add to add a static route. The Add/M odify dialog box is displayed. 

Select one of the Destination Type radio buttons. 

For host and net destinations: 

a. Enter the full name or IP address of the destination network or 
host in the Destination field. 


b. Select one of the Route Via radio buttons. Select the Gateway 
button if the route is through a gateway. Select the | nterface button 
and skip to step 6 if the route is through an interface. 


For a gateway, enter the full name or |P address of the gateway host to 
which messages will be forwarded in the Gateway field. 


Select OK to validate the entry and add it to the list. Repeat steps 2 
through 6 for additional static routes. 


Select OK to save the current changes. A dialog box is displayed to 
confirm the changes and to ask if you want to start the static routes 
service. 


Select Yes to start the service and apply your changes now. Or, select 
Noto close the Static Routes dialog box and apply the changes the next 
time you reboot your system. 


If you choose Yes, select OK to close the Static Routes dialog box. 


You can also use the Static Routes dialog box to modify and delete entries in 
the routes file. See the online help for more information. 


See the routes(4) reference page for moreinformation about the routes file. 


2.3.7 Configuring the hosts File 


To configure the hosts file, do the following: 


1. 


From the SysMan Menu, select Networking—Basic Network 
Services—Set up hosts file (/etc/hosts) to display the Hosts dialog box. 
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Alternatively, enter the following command on a command line: 

# /usr/bin/sysman host 

Select Add to add a host. The Add/M odify dialog box is displayed. 
Enter an official host name in the Host Name field. 

Enter the IP address of the new host in the Host Address field. 


Optionally, enter any unofficial name or names for this host in the 
Aliases field. Also, provide pertinent information, for example, the 
location of the host, in the Comment field. 


Select OK to validate the entry and add it to the list. Repeat steps 
2 through 6 for additional hosts. 


Select OK toupdate the /etc/hosts file and to close the Hosts dialog 
box. 


You can also use the Hosts dialog box to modify and delete entries in the 
hosts file. See the online help for more information. 


See the host s(4) reference page for more information about the hosts file. 


2.3.8 Configuring the hosts.equiv File 


To configure the hosts. equiv file, do the following: 


1. 


From the SysMan Menu, select Networking—Basic Network 
Services—Set up host equivalency file (/etc/hosts.equiv) to display the 
Hosts Equivalency dialog box. 


Alternatively, enter the following command on a command line: 


# /usr/bin/sysman hosteq 
Select Add to add a host. The Add/M odify dialog box is displayed. 
Enter the remote host name in the Host field. 


Note 


If the host is not on the network, you cannot add the host. 


Enter the name of a user on the remote host in the User field. 


Select OK to validate the entry and add it to thelist. Repeat steps 2 
through 5 for additional remote hosts. 


Select OK to update the /etc/hosts. equiv file and to close the Hosts 
Equivalency dialog box. 
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The Hosts Equivalency dialog box also enables you to modify and delete 
entries in the hosts. equiv file. See the online help for additional 
information. 


See the hosts. equiv(4) reference page for more information about the 
hosts. equiv file. 


2.3.9 Configuring the networks File 
To configure the networks file, do the following: 


1. From the SysMan Menu, select Networking—Basic Network 
ServicesSet up the networks file (/etc/networks) to display the 
Networks dialog box. 


Alternatively, enter the following command on a command line: 

# /usr/bin/sysman networks 

Select Add to add a network. The Add/Modify dialog box is displayed. 
Enter the official network name in the Network Name field. 

Enter the IP address of the network in the Network Address field. 


If an unofficial name (alias) is assigned to the new network, enter the 
aliases in the Aliases field. 


6. Select OK to validate the entry and add it to the list. Repeat steps 2 
through 6 for additional networks. 
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7. Select OK to update the /etc/networks file and to close the Networks 
dialog box. 


You can also use the Networks dialog box to modify and delete entries in the 
networks file. See the online help for more information. 


See the networks(4) reference page for more information about the 
networks file. 


2.3.10 Configuring IP Aliases 


An IP alias is an additional network address for an interface. The alias is 
usually an address in the same subnet as the primary IP address on the 
interface. 


To configure an IP alias, you need the following information: 
e IP alias address 

« Netmask value associated with the IP alias address 

« Host name associated with the IP alias address 
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To configure an IP alias, do the following: 


1. Addthe!IP address and host name to the /etc/hosts file (see 
Section 2.3.7). 


2. Edit the /etc/inet.1local file and add the command to configure the 
alias. Use the following syntax: 


ifconfig interface alias |P_alias address netmask IP_alias neétmask 
For example: 
ifconfig tu0 alias 18.54.76.129 netmask 255.255.255.0 


See the ifconfig(8) reference page for more information on ifconfig 
parameters. 


3. Restart network services by entering the following command: 


# rcinet restart 


2.4 NetRAIN Interfaces 


The Redundant Array of Network Adaptors (NetRAIN) interface provides a 
mechanism to protect against certain kinds of network connectivity failures. 


NetRAIN integrates multiple network interfaces on the same LAN segment 
into a single virtual interface called a NetRAIN set. One network interface 
in the set is always active while the others remain idle. If the active interface 
fails, one of the idle set members comes online with the same IP address 
within an adjustable failover time period. 


NetRAIN monitors the status of its network interfaces with the Network 
Interface Failure Finder (NIFF), a tool used to detect and report possible 
network failures. These tools can be used independently of NetRAIN. For 
more information about NIFF, see the nif £(7) reference page. 


2.4.1 Configuring NetRAIN 


The following sections describe how to configure the hardware and the 
network interfaces for a NetRAIN set. 


2.4.1.1 Hardware Restrictions, Configuration, and Licensing 
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Before you set up the NetRAIN virtual interface, note the following hardware 
restrictions and configuration tips: 


e« You must construct a NetRAIN set out of interfaces that are currently 
idle. This means the interfaces cannot be marked as "up" in the Set up 
Network I nterface Card(s) dialog box of the SysMan Menu and they 
cannot have IP addresses assigned to them. 


Basic Network Connections 


You must use two or more of the same type of network interface (F DDI, 
ATM LAN Emulation, or Ethernet) dedicated toa single LAN segment. 
If you use Ethernet adaptors, they must all be of the same speed. 


You cannot run LAT over a NetRAIN virtual interface (nr) or any of the 
interfaces that compose a NetRAIN set. 


It is best to run separate cables from each network adapter to the 
appropriate hub or concentrator to provide physically redundant paths 
back to the network. This reduces the chance of network failure due to 
cables being accidentally unplugged. 


If necessary, you can adjust the timeout values to ensure that NetRAIN 
will successfully detect and respond to network failure. You can tune 
these parameters with the sysconfig command, ifconfig command, 
and the ioct1 system call. See the nr(7), ifconfig(8), sysconfig(8), 
dxkerneltuner(8), and sys_attrs netrain(5) reference pages for 
details. 


By default, these parameters are tuned for operation over Ethernet, but 
it is possible that the default values and other suggested timeout values 
will not work in your environment. For example, if you are connected to 
a switch, failover time will depend on the switch and its configuration. 


You must use UNI Version 3.1 when running NetRAIN over LANE to 
obtain acceptable failover times with some ATM switches, including the 
Gigaswitch. If you use UNI Version 3.0, the failover time might be long 
because the T309 timer is set to 90 seconds by default on some switches. 
If the T309 timer is adjustable on your switch, you can set the T309 
timer to 10 seconds as in UNI Version 3.1 to try to achieve acceptable 
failover times. 


NetRAIN and MAC Address Licensing Schemes 


Licensing schemes that use a network adapter’s Media Access Control 
(MAC) address to uniquely identify a machine can be affected by how 
NetRAIN changes the MAC address. 


All network drivers support the STOCRPHYSADDR ioctl that fetches MAC 
addresses from the interface. This ioctl returns two addresses in an array: 


Default hardware address 


The permanent address that is taken from the small PROM that each 
LAN adapter contains. 


Current physical address 
The address that the network responds to on the wire. 


Licensing schemes based on MAC addresses must use the default hardware 
address returned by the SIOCRPHYSADDR ioctl; do not use the current 
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physical address because NetRAIN modifies this address for its own use. See 
the reference page for your network adapter (for example 1n(7) and tu(7)) for 
a sample program that uses the SITOCRPHYSADDR ioctl. 


2.4.1.2 Configuring the NetRAIN Interface 


NetRAIN configuration parameters are stored in the /etc/rc. config file 
along with the parameters for other network interfaces. Use the rcmgr 
utility to change the values of the variables. For more information about the 
remgr utility, see the rcmgr(8) reference page. 


Note 


The NetRAIN parameters in the following steps are case sensitive 
and must be typed in uppercase as shown. 


To configure NetRAIN, do the following: 


1. Login as root. 
2. Construct the NetRAIN set or sets, as follows: 


a. 


Set the NetRAIN interface name or names: 
# remgr set NRDEV_n netrain-interface-id 
The netrain-interface-id must have the form nrn. 


Specify the same integer n for the NRDEV_n variable and the nrn 
interface. For example, if no NetRAIN interfaces are configured on 
your system, you can specify NRDEV_0 and nro, respectively. 


Indicate which network interfaces will be part of the NetRAIN set 
or sets and, if necessary, provide failover timeout values: 


# remgr set NRCONFIG n interface-id,interface-id [nrtimers integer, integer] 


Note 


When specifying the interfaces, do not leave any spaces 
between the interface-id parameters and the 
commas. For example, for two Ethernet interfaces, you 
can specify tuo, tul but not tuo, tui. 


Thenrtimers values dictate how long the system is to wait 
before switching between interfaces. For more information about 
nrtimers values, see Section 2.4.1.1 and the ifconfig(8) 
reference page. 


Indicate to the system that you have configured a NetRAIN set: 


2-24 Basic Network Connections 


# remgr set NR_ DEVICES integer 


Increment integer by the number of NetRAIN sets you have created. 
For example, if you create one NetRAIN set, integer is 1. 


3. Configure the network parameters for the NetRAIN set or sets that you 
created, as follows: 


a. 


Set the interface name: 


# remgr set NETDEV_n netrain-interface-id 


For netrain-interface-id, usethesamenrn!D you specified 
in step 2a. 


If you configured other network interfaces in the rc. config file, 
you need to find and use the next available NETDEV_n variable. 
For example, if you used NETDEV_o to configure an Ethernet card 
that is not part of the NetRAIN set, the next available variable 
is NETDEV_1. 


Set the ifconfig parameters that will be used to initialize the 
NetRAIN interface: 


# remgr set IFCONFIG n IP-address netmask network-mask 


As in step 3a, if you configured other network interfaces in the 
rc.config file, you need to use the next available TFCONFIG_n 
variable. 


Indicate to the system that you have configured an additional 
network interface: 


# remgr set NUM _NETCONFIG integer 
Increment integer by the number of NetRAIN interfaces you 
have created. If you configured other network interfaces in the 


rc.config file, you need to add the number of NetRAIN interfaces 
to the current NUM_NETCONFIG value from that file. 


4. Restart network services to apply the changes. 


After you configure a NetRAIN set, the NetRAIN interface is available each 
time you restart your system. 


Optionally, you can configure NetRAIN interfaces from the command line by 
using the ifconfig command, but the changes are not preserved when you 
reboot. For more information, see the ifconfig(8) reference page. 


Example 2-1 and Example 2-2 show the commands you would enter to 
establish two different NetRAIN configurations. 


To create one NetRAIN set with two Ethernet interfaces, tuo and tu1, ona 
system where no other network interfaces have been configured, you would 
enter the commands in Example 2-1. 
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Example 2-1: Creating One NetRAIN Set 


remgr set NRDEV 0 nr0/1 
remgr set NRCONFIG 0 tu0,tul|2 
remgr set NR_DEVICES 1/3 
remgr set NETDEV 0 nr0|4 
remgr set IFCONFIG 0 18.240.32.40 netmask 255.255.255.0/5 
remgr set NUM_NETCONFIG 1/6 


HHH +H +H H+ 


1] Creates a NetRAIN set called nro. 
Indicates that the nro set consists of the tuo and tui interfaces. 


Indicates to the system that there is one NetRAIN set. 


B&B) |!) | 


Creates a network interface called nro for the NetRAIN virtual 
interface. 


5| Defines the IP address and network mask for the NetRAIN virtual 
interface. 


6] Indicates tothe system that there is one network interface. 


To create two NetRAIN sets, one with two FDDI interfaces called ftao 

and ftai1 and the other with two ATM LANE interfaces called elano and 
elan 1, on a system where one other network interface has been configured 
(Suppose NETDEV_0iS tuo), you would enter the commands in Example 2-2. 


Example 2-2: Creating Two NetRAIN Sets 


remgr set NRDEV 0 nr0/1 
remgr set NRDEV_1 nrl 

remgr set NRCONFIG 0 fta0,ftal|2 
remgr set NRCONFIG 1 elan0,elanl nrtimers 4,16/3 
remgr set NR DEVICES 2/4 
remgr set NETDEV_1 nri|5 
remgr set NETDEV 2 nr2 

remgr set IFCONFIG 1 18.240.31.40 netmask 255.255.255.0|6 
remgr set IFCONFIG 2 18.240.31.42 netmask 255.255.255.0 

remgr set NUM NETCONFIG 3/7 


1] Creates two NetRAIN sets called nro and nr1. 


2] Indicates that the nro set consists of the tuo and tui interfaces. 


3] Indicates that the nr1 set consists of the elano and elan1 interfaces. 
Also provides nrtimers failover values for the set. The values in this 
example are suggested starting values for ATM LANE. They might not 
work for your configuration, as described in Section 2.4.1.1. For more 
information about nrtimers values, see the ifconfig(8) reference 
page. 

4] Indicates to the system that there are two NetRAIN sets. 
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5] Creates network interfaces called nro and nr1i for the two NetRAIN 
virtual interfaces. 


6] Defines the IP address and network mask for each NetRAIN virtual 
interface. 


7] Indicates to the system that there are three network interfaces, the two 
NetRAIN virtual interfaces and the preexisting Ethernet interface. 


2.4.2 Monitoring NetRAIN Activity 


To check which member of a NetRAIN set is the active interface, use the 
ifconfig command. For example: 
#ifconfig nro 


nr0: flags=8c63 NetRAIN Attached Interfaces: ( ftaO ftal ) Active Interface: 
( ftaO )inet 18.240.32.40 netmask fffffFf00 broadcast 18.240.32.255 ipmtu 4352 


This example shows that: 
¢ The virtual interface nro is running; its|P address is 18.240.32.40. 
¢ TheNetRAIN set consists of two physical interfaces, ftao and ftal. 


e« NetRAIN is using ftao for communication. If NetRAIN determines that 
ftao is not active, it switches to the next interface in the set, ftal. 


To see the status of all set members while the NetRAIN interface is running, 
use the niffconfig command. For example: 

#niffconfig -u 

Interface: tul, state: DEAD, tl: 4, dt: 2, t2: 10, time to dead: 0, 

current interval: 2, next time: 2 

Interface: nr0O, state: GREEN, tl: 4, dt: 2, t2: 10, time to dead: 0, 
current_interval: 4, next time: 4 


Interface: tu0, state: GREEN, tl: 4, dt: 2, t2: 10, time to dead: 0, 
current_interval: 4, next time: 4 


In this example, you can see that the virtual interface nro is running and 
NetRAIN is using tuo for communication. This example also shows the 
nrtimers values for each member of the set. See the ifconfig(8) reference 
page for more information on these values. 


2.5 Configuring Multiple Network Interfaces in the Same 
Subnet 


You can configure multiple active network adapters in one system, even if 
they operate on the same subnetwork. For example, you can configure a 
tuo interface at 192.24.156.20 and a tui interface at 192.24.156.21, both 
with the same netmask. 


When you establish a connection, the kernel routes the connection 
through the interface that has the fewest number of connections. This 
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connection-balancing effect can lead to greater throughput than on a system 
with just one network adapter per subnetwork. 


This feature differs from NetRAIN because it does not give you increased 
reliability or failover, it simply gives a system multiple paths to access the 
network. 


Network administrators might choose to configure a system with multiple 
interfaces in the same subnetwork for various reasons. For example: 


¢ Thecurrent environment has only a single subnet, but additional 
bandwidth is needed to certain systems. 


¢« The site cannot upgrade its network infrastructure to newer, faster 
technologies, such as Gigabit Ethernet, which would improve network 
throughput. 


¢« Thesource of a bottleneck is a particular system's network connection, 
but the switch to which it is connected is under-utilized and has 
additional ports and bandwidth available. Another connection to this 
system would reduce resource contention. 


¢ There are no additional IP subnetworks assigned or available for 
configuration, and the host requires more bandwidth to access the 
current subnetwork than one network interface card allows. 


For the system to function properly when configured in this manner, it must 
meet all of these conditions: 


e [It must be part of one of the following physical network layouts: 
- Switched Ethernet (10/100/Gigabit) 
- Switched Fiber Distributed Data Interface (F DDI) 
- ATM Classical IP (CLIP) 
- ATM LAN Emulation (LANE) 
- Point-to-Point (PPP) 
e [It must not be running a routing daemon (either gated or routed). 


e [t must have access to all remote systems through each interface that 
is configured in the same subnet. For example, you must be able to 
successfully issue a ping command tothe sameremote system when each 
network interface is configured by itself. This implies that all interfaces 
in the system are connected to the same physical network switch. 


This feature might affect the operation of network software or commands 
that rely on the network interface staying constant for the life of a 
connection. For example: 


e Multicast transmission might not work properly. 
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¢ Utilities such as traceroute might give inconsistent output, since the 
interface used might change from packet to packet. 


No special settings are required to use this feature. Configure the network 
interfaces as directed in Section 2.3.1 and assign the interfaces IP addresses 
in the same subnet. 


By default, configuring an interface adds an additional interface route into 
the routing table. If you wish to add routes using the route command or 
the /etc/routes file, see the rout e(8) reference page for details on adding 
routes on multiple interfaces. For example, you might want to add a default 
route on multiple interfaces. See netstat(1) for information on how to view 
the kernel routing table. 


2.6 Enabling Access Filtering on an Interface 


Interface access filtering helps you detect and prevent IP spoofing attacks. 
To enable interface access filtering on an interface, do the following: 


1. Createan /etc/ifaccess.conf file and add entries against which the 
source address of input packets are checked. 

2. Usethe ifconfig command with the +filter parameter to enable 
access filtering on the network interface. 


See ifaccess.conf(4) and ifconfig(8) for more information. 


2.7 Monitoring the Local Host’s Status 


You can usethe netstat command to monitor the status of the local host 
by viewing the contents of network-related data structures. You can select 
several forms of display; each allows you to specify the type of information 
you want to emphasize. 


Table 2-1 shows the netstat command options. 


Table 2-1: Options to the netstat Command 
Option Function 


—A Displays the address of any associated pro- 
tocol control blocks. 


—a Includes information for all sockets. 


-f£ address_family _ |ndudes statistics or address control block reports 
for the specified address family. 


-I interface Displays information about the specified interface. 


-i Provides status information for autoconfigured interfaces. 
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Table 2-1: Options to the netstat Command (cont.) 


Option Function 
—™m Displays information about memory management usage. 
—n Lists network addresses in number form rather 
than symbolic form. 
= Lists routing tables. 
-s Provides statistics per protocol. 
—t Displays the time until the interface watchdog routine 


starts (for use with the —i option). 


The-1 option provides statistics for a specific interface. See Appendix A for 
an example of using the —I option to monitor Ethernet, Fiber Distributed 
Data Interface (F DDI), and token ring interfaces, and a description of the 
counters, status, and characteristics. 


The-i option provides statistics on each configured network interface. 
Outgoing packet errors (Oerrs) indicate a potential problem with the local 
host. [Incoming errors (Ierrs) indicate a potential problem with the network 
connected to the interface. 


See net stat(1) for more information on this command and its options. 


The following example shows normal output (no Ierrs or Oerrs) from the 
netstat command with the —i option: 


% netstat -i 


Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll 
ino 1500 <Link> 8324125 0 8347463 0 237706 
1no 1500 16.31.16 host1 8324125 0 8347463 0 237706 
fza0* 4352 <Link> 0) 0) 0) 0) 0) 
sl0* 296 <Link> 0 0) 0) 0) 0) 
sl1l* 296 <Link> 0 0) 0) 0) 0) 
tradO 4092 <Link> 34 0) 20 0) 0 
trad 4092 16.40.15 host21 34 0 20 0 0) 
100 1536 <Link> 909234 0) 909234 0) 0 
100 1536 loop localhost 909234 0 909234 0 0 


2.8 Displaying and Modifying the FDDI Parameters 


You use the fddi_ config command to display and modify the F DDI 
adapter parameters. 


To display the FDDI adapter parameters, use the fddi_config command 
with the following syntax: 


fddi_config —i interface name-d 


To modify the FDDI adapter parameters, log in as root and use the 
£ddi_config command with one or more of the options in Table 2-2. 
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Table 2—2: Options to the fddi_config Command 


Option 


Function 


i interface name 


-—c counter update interval 


-l1 lem_threshold 


-p [1|0] 


-r restricted_token_timeout 


t token_request_time 


-v valid_transmit_time 


-x [1]0] 


Changes or displays the FDDI characteristics 
for interface name. You must provide 
the interface name. 


Determines how often the driver counters 
are updated by the DEFTA adapter. The 
default is 1 second. Setting the interval time 
to zero (0) disables counter updates. (For 
the DEFTA (fta) FDDI interface only.) 


Displays the FDDI interface parameters 
you can set. 


Sets the error rate threshold of Link 
Error Monitor (LEM). The LEM error 
rate threshold is 1x10", where n ranges 
from 5 to 8, inclusively. The default 
LEM threshold is 1x10-8, 


Sets the ring purger state for the specified 
FDDI interface. A value of 1 enables the ring 
purger ability; a value of 0 disables it. 


Sets the Restricted Token Timeout parameter, 
defining how long a single restricted mode 
dialog can last before being terminated. 

The range for this parameter is from 

0 to 10000 milliseconds. The default 

value is 1000 milliseconds. 


Sets the Request Token Rotation Time (T_req) 
for interface name. T_req is used during 
the ring initialization process to negotiate a 
Target Token Rotation Time (TTRT) for the 
ring. The range for this parameter is from 
4.0 milliseconds to 167.77208 milliseconds. 
The default value is 8.0 milliseconds. 


Sets the Valid Transmission Time (TVX) 
timer for a specific FDDI interface The 
range for the TVX timer is from 2.35 
milliseconds to 5.2224 milliseconds. The 
default is 2.6214 milliseconds. 


Enables (1) or disables (0) full-duplex 
operation for the interface. If the full-duplex 
operation is enabled, the interface is in 

one of the following states: Idle, Request, 
Confirm, or Operational. (For the DEFTA 
(fta) FDDI interface only.) 


See fddi_config(8) for moreinformation on this command and its options. 


Basic Network Connections 2-31 


The following example shows how to display the FDDI interface parameters 
you can set: 


% /usr/sbin/fddi_config -i fza0 -d 
fza0 ANSI FDDI settable parameters 


Token Request Time: 0.0000 ms 
Valid Transmission Time: 0.0000 ms 
LEM Threshold: 0 
Restricted Token Timeout: 15.8314 ms 
Ring Purger State: (null) 


fza0 Full Duplex Mode: Disabled 


fza0 Counter Update Interval: 10 sec 


The following example shows how to change the Token Request Time (TRT) 
value for the fza0 interface to 10.2: 


# fddi_ config -t10.2 -i fza0 
The following example shows how to turn the ring purger off: 


# fddi_ config -—p 0 —i mfa0 


2.9 Managing Token Ring Source Routing 


Source routing is a bridging mechanism that systems on a token ring LAN 
use to send messages to a system on another interconnected token ring LAN. 
Under this mechanism, the system that is the source of a message uses a 
route discovery process to determine the optimum route over token ring 
LANs and bridges to a destination system. The source system stores the 
optimum routes in its source routing table. 


When the system is booted with the DETRA adapter installed and 
configured, token ring source routing is initialized by default. To manage 
token ring source routing, use the srconfig command. 


Table 2-3 shows the srconfig command options. All srconfig command 
options are case insensitive; type them in uppercase, lowercase, or mixed 
case. The short form for each flag is indicated by uppercase letters. 


Table 2-3: Options to the srconfig Command 


Option Function 
-DElentry mac_address® Deletes a source routing table entry. 
-DISEntry mac_address® Disables a source routing table entry. This 


marks the entry as Stale. 


-RAttr Displays the source routing attributes. 
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Table 2-3: Options to the srconfig Command (cont.) 


Option Function 

-RCounter Displays the source routing counters. 

-REntry mac_address Displays a specific source routing table entry. 

-RTable Displays the source routing table. 
SETAgetimer timer? Sets the value of the Source Routing Aging 


Timer, specifying the length of time a source 
routing table entry remains valid until being 
marked as invalid or Stale. If not set, the 
system default is 120 seconds. 


-SETDsctimer timer@ Sets the Source Routing Discovery Timer, 
specifying the amount of time a route discovery 
process can take before it terminates. If not 
set, the system default is 5 seconds. 


-SETMaxentry value? Sets the maximum number of entries allowed 
in the source routing table. The range for this 
entry is a multiple of 256 from 1024 to 2048. This 
parameter can be increased, but not decreased. 
If not set, the system default is 1024. 


—u Specifies that the MAC addresses are in 
uncanonical form. This option can be used with 
the -DElEntry mac_address, —DISEntry 
mac_address, and -RTable options only. 


—Zcounter Sets the source routing counters to zero. 


9 Requires superuser privileges. 


See srconfig(8) for more information on this command and its options. 


The following example increases the number of routing table entries from 
1024 to 1280 by using the shortened form of the-SetMaxEntry option: 


# srconfig -setm 1280 
Current SR Table size is : 1024 
New SR Table size is : 1280 


The following example displays the source routing attributes by using the 
shortened form of the —-RAttr option: 


# srconfig -ra 
Source Routing is enabled 


Current SR Aging Timer 2 220 
Current SR Discovery Timer : 10 
Current SR Table size is : 1024 


The following example displays the source routing counters by using the 
shortened form of the -—RCounter option: 
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# srconfig -re 

ARE Frames Sent : 00000001 
ARE Frames received : 00000000 
Route Discovery Failures : 00000001 


~ 
a 
a 
a 


The following example displays all entries, with MAC addresses in canonical 
form, in the source routing table, by using the shortened form of the 
-RTable option. The backslash (\ ) character indicates line continuation and 
does not appear in the actual output. 


# srconfig —rt 

Target Node MAC Address 00-00-0C-01-08-E9 (ip = 130.180.4.3) \ 
Have Route |{1 
Routing Information: SRF, length 8, direction 0,largest frame \ 
4472 octets |2 
Route Descriptors: 021C 7FFC 0220 0000 0000 0000 0000 0000 3 


Target Node MAC Address 00-00-C9-10-1B-F5 On Ring 4 


Target Node MAC Address 08-00-2B-2C-F1-F9 (ip = 130.180.4.2) \ 
Stale (Have Route) 5 
Routing Information: SRF, length 8, direction 0,largest frame 4472 octets 
Route Descriptors: 021C 7FFC 0220 0000 0000 0000 0000 0000 


Target Node MAC Address 00-00-C9-0B-33-80 Stale (On Ring) 


1] Have Route indicates the source system has a valid path to the 
destination system. 


2] Information returned by the destination system in response to the route 
discovery process. 


3] TheLAN segments and bridges that constitute the path to the 
destination system. 


4] On Ring indicates the destination system is on the same ring as the 
source system and does not need source routing. 


5] Stale indicates the entry is invalid and needs to be updated by the 
route discovery process. 


The following example shows all entries, with MAC addresses in 
noncanonical form, in the source routing table by using the shortened form of 
the -RTable option. The backslash (\ ) character indicates line continuation 
and does not appear in the actual output. 

# srconfig -rt -u 

Target Node MAC Address 00:00:30:80:10:97 (ip = 130.180.4.3) Have Route 


Routing Information: SRF, length 8, direction 0,largest frame 4472 octets 
Route Descriptors: 021C 7FFC 0220 0000 0000 0000 0000 0000 


Target Node MAC Address 00:00:93:08:D8:AF On Ring 
Target Node MAC Address 10:00:D4:34:8F:9F (ip = 130.180.4.2) Stale \ 
(Have Route) 


Routing Information: SRF, length 8, direction 0,largest frame 4472 octets 
Route Descriptors: 021C 7FFC 0220 0000 0000 0000 0000 0000 
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Target Node MAC Address 00:00:93:D0:CC:01 Stale (On Ring) 


2.10 Displaying and Modifying the Token Ring IP MTU Size 


By default, the DETRA adapter uses an IP maximum transfer unit (MTU) 
size of 4092 bytes. In a multivendor environment with different adapters 
using different IP MTU sizes, the bridges connecting different networks 
can be set up to forward smaller packet sizes. As a result, bridges might 
drop packets or remote hosts might reject packets. If either occurs on your 
network, reduce the |P MTU size for all hosts on the network and ensure 
that all hosts use the same size. 


The following command displays the DETRA interface|P MTU sizeas 
4092 bytes: 
% ifconfig tra0 


trad: flags=9863<UP,BROADCAST,NOTRAILERS , RUNNING> 
inet 16.141.208.3 netmask ffffff00 broadcast 16.141.208.255 ipmtu 4092 


The following example sets the |P MTU size of DETRA interface to 2044 
bytes: 


% ifconfig tra0 ipmtu 2044 


2.11 Managing Network Quality of Service 


As applications place increasing demands for bandwidth on the | nternet 
network, increasing the network bandwidth is only a temporary solution. 
Newer real-time applications demand both increased bandwidth and low 
latency. Clearly, the importance of bandwidth management is increasing. 


An IP network with its Best Effort delivery service performs a form of 
passive bandwidth management. If an outgoing queue is full, indicating 
high network traffic and congestion, the packets are quietly dropped. Some 
upper-level protocols can detect data loss, others cannot. 


Quality of service (QoS) is the phrase commonly associated with the concept 
of actively managing network bandwidth. In this scenario, all network 
elements (for example, hosts, applications, and routers) and all network 
protocol layers cooperate to ensure consistent traffic and service end-to-end 
in anetwork. Network bandwidth for real-time applications is reserved, 
while sufficient bandwidth remains for best-effort traffic. 


The major network QoS components in this operating system are as follows: 


¢ Traffic Control subsystem — Provides an application data flow with a 
QoS that approximates Best Effort delivery through unloaded network 
interfaces. 


Traffic control is supported on the Ethernet and FDDI interfaces. 
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2.11.1 


2.11.2 


e Resource ReSerVation Protocol (RSVP) — Provides a mechanism to 
reserve bandwidth on the local system and through the network. On 
this operating system, RSVP is implemented in the form of the rsvpd 
daemon. The rsvpd daemon uses the Traffic Control subsystem to 
install and modify flows and filters for a specific network interface. 


¢ RSVP Application Programming Interface (RAPI) — Enables a local 
application that requires enhanced QoS to communicate with the rsvpd 
daemon. Using the RAPI routines, an application can make resource 
(bandwidth) reservations on the local system or advertise services to 
other nodes in the network, or both. See the Network Programmer’s 
Guide for a description of the RAPI routines. 


Managing the Traffic Control Subsystem 


The Traffic Control subsystem performs the following tasks: 


¢ Implements an admission control mechanism that maintains interface 
parameters, such as the device's peak output rate, the percentage of 
bandwidth that can be reserved, and the maximum number of concurrent 
flows. 


e Ensures that applications do not pace data at a rate faster than allowed. 


¢ Interfaces with the rsvpd daemon and the iftcnt1 command to install 
and remove flows and filters. 


e« Matches all outgoing packet headers with any existing filter 
specifications to determine on which output queue to place the packets. 


See iftcnt1(8) for more information. 


The rsvpd daemon requires that traffic control be enabled on the local 
system in order to install and modify flows and filters for a specific network 
interface. To enable traffic control on your local system, check that the 
ether _cl_ scheduler system attribute is enabled (set to 1). If it is not 
enabled, enable it by using the sysconfig command or dxkerneltuner. 
Then, reboot the system. 


Managing RSVP 


RSVP assigns QoS to specific |P data flows or sessions, which can be either 
multipoint-to-multipoint or point-to-point. In order to receive data packets 
for a particular multicast session, a host must have joined the corresponding 
IP multicast group. A given session may have multiple senders and if the 
destination is a multicast address, multiple receivers. 


The rsvpd daemon performs the following functions: 
e Listens for incoming RSVP messages 
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2.11.2.1 


2.11.2.2 


2.11.2.3 


« Communicates with RSVP-enabled applications on the local host through 
RAPI 


¢ Interfaces with the operating system’s Traffic Control subsystem 


See rsvpd(8) for more information. 


Starting and Stopping rsvpd 


To start the rsvpd daemon, enter the following command: 
# /usr/sbin/rsvpd 
If you want to start the daemon automatically at system boot time, include 


the command in the /etc/inet.local file. See rsvpd(8) for more 
information on the daemon and its options. 


To stop the rsvpd daemon, enter the following command: 
# kill -9 ‘cat /var/run/rsvpd.pid* 


The rsvpd daemon does not start or stop any applications during its startup 
or shutdown procedures. It also does not maintain any on-disk configuration 
information about applications. Whenever the rsvpd daemon starts, it has 
no information about previous reservations. 


Typically all daemons on the operating system are started or stopped 
together, as the system changes run levels. But applications must correctly 
handle situations where they start before the rsvpd daemon, or are running 
while the rsvpd daemon is restarted. In these situations, local applications 
need to reinitiate communications with the rsvpd daemon. 


Adding and Deleting Network Interfaces 


When you add or delete a network interface on your system, you must 
stop and restart the rsvpd daemon in order to for it to update its table of 
available interfaces. Enter the following commands: 


# kill -9 ‘cat /var/run/rsvpd.pid* 
# /usr/sbin/rsvpd 
Displaying RSVP Session Information 


You can display RSVP session information on routing systems or end 
systems to determine if RSVP is working correctly on your system. RSVP 
session information will show you if connections are are being set up and 
if reservations are being honored. 


To monitor active RSVP sessions on the local system, enter the following 
command: 


# /usr/sbin/rsvpstat 
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By default, the rsvpstat command displays a list of all RSVP sessions, 
sender and receiver, active on this system. Information includes the session 
number, destination address, |P protocol, port number, and the number of 
PATH and RESV states for the session. 


To display sender information, including the contents of the actual PATH 
message from the sender, enter the following command: 


# /usr/sbin/rsvpstat -Sv 


To display receiver information, including the contents of the actual RESV 
message from the receiver, enter the following command: 


# /usr/sbin/rsvpstat -Rv 


See rsvpstat(8) for more information. 
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Internet Protocol Version 6 


In the early 1990s the members of the Internet community realized that the 
address space and certain aspects of the current TCP/IP architecture were 
not capable of sustaining the explosive growth of the Internet. The problems 
included the exhaustion of the Internet address space, the size of routing 
tables, and requirements for new technology features. 


The Internet Engineering Task F orce (IETF) made several efforts to both 
study and improve the use of the 32-bit Internet Protocol (I Pv4) addresses. 
They also tackled the longer-term goal of identifying and replacing protocols 
and services that would limit growth. 


These efforts identified the 32-bit addressing architecture of IPv4 as 

the principal problem, in terms of router overhead and of network 
administration. In addition, |Pv4 addresses were often unevenly allocated 
in blocks that were too large or too small, and therefore difficult to change 
within any existing network. 


InJ uly 1994, the Internet Protocol Next Generation (I1Png) directorate 
announced the | nternet Protocol Version 6 (IP v6) as the replacement network 
layer protocol, and |ETF working groups began to build specifications. See 
RFC 1752, “The Recommendation for the |P Next Generation Protocol,” for 
additional information on the |Pv6 protocol selection process. 


IPv6 is both a completely new network layer protocol and a major revision 
of the Internet architecture. As such, it builds upon and incorporates 
experiences gained with |Pv4. This chapter describes the following: 


¢ Terms 

e |Pv6 addressing 

¢ |Pv6 environment 

e |IPv6 configuration 

¢ Post-configuration tasks 
e IPv6 logging 


For troubleshooting information, see Section 15.4. 
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3.1 Terms 


The following terms are used in this chapter: 


node 
Any system that uses the IP v6 protocol to communicate. 


router 


A node that forwards IPv6 packets addressed to other nodes. These systems 
typically have more than one network interface card (NIC) installed and 
configured. 


host 

Any node that is not a router. 

link 

A medium or facility over which nodes communicate with each other at the 


link layer. Examples include Ethernet, FDDI, PPP links, or internet layer 
tunnels. 


interface 


A node’s attachment toa link, which is usually assigned an IPv6 address or 
addresses. This can bea physical NIC (for example, tuo or 1e0) or virtual 
network interface (for example, pppo). 


3.2 IPv6 Addressing 


This section is intended for those administrators who need an introduction 
to|Pv6 addressing. If you already know this information, you may skip to 
Section 3.3. 


The most noticeable feature of |Pv6 is the |Pv6 address itself. The address 
size is increased from 32 bits to 128 bits. This section describes the following: 


e Address text representation 
e Address autoconfiguration 

e Address resolution 

e Address assignment 


3.2.1 Address Text Representation 
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You can use the following syntax to represent I Pv6 addresses as text strings: 
XIXIXIXIX!XIXIX 


The x is a hexadecimal value of a 16-bit piece of the address. For example, 
the following addresses are |Pv6 addresses: 
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FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 
1070:0:0:0:0:800:200C:417B 


|Pv6 addresses can contain long strings of zero (0) bits. To make it easier to 
write these addresses, you can use the double colon characters (: :) onetime 
in an address to represent 1 or more 16-bit groups of zeros. For example, 
you can compress the second I Pv6 address example as follows: 


1070::800:200C:417B 


Alternatively, you can use the following syntax to represent | Pv6 addresses 
in an environment of both |Pv4 and I Pv6 nodes: 


X!X!X!X:X:X:0.d.d.d 


In this case, x is a hexadecimal value of a 16-bit piece of the address (six 
high-order pieces) and dis a decimal value of an 8-bit piece of address (four 
low-order pieces) in standard, dotted-quad I Pv4 form. For example, the 
following addresses are |Pv6 addresses: 


O:026s0402013 1.68.3 
0:0:0:0:0:FFFF:129.144.52.38 
When compressed, these addresses are as follows: 


Pri3.12.68.3 
::FFFF:129.144.52.38 


Like |Pv4 address prefixes, |Pv6 address prefixes are represented using 
the Classless Inter-Domain Routing (CIDR) notation. This notation has 
the following format: 


ipv6-address/prefix-length 


For example, you can represent the 60-bit hexadecimal prefix 
12AB00000000CD3 in any of the following ways: 


12AB:0000:0000:CD30:0000:0000:0000:0000/60 
12AB::CD30:0:0:0:0/60 
12AB:0:0:CD30::/60 


3.2.2 Types of Addresses 


There are three types of IP v6 addresses: 


¢ Unicast 
e« Anycast 
e Multicast 
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Note 


Unlike IPv4, IP v6 does not define a broadcast address. To get the 
function of a broadcast address, use a multicast address with 
link-local scope (See Section 3.2.2.2). 


The following sections describe only the unicast and multicast address types 
and provide examples. 


3.2.2.1. Unicast Address 


A unicast address is an identifier for a physical network interface. Packets 
sent to a unicast address are delivered to the node containing the interface 
identified by the address. 


Unicast addresses typically have the following format: 


0 128 
ZK-1291U-Al 


This address typically consists of a 64-bit prefix followed by a 64-bit 
interface 1D as follows: 


0 128 


64 bits 64 bits 


ZK-1292U-Al 
An interface ID identifies an interface on a link. Theinterface!D is required 
to be unique on a link, but may also be unique over a broader scope. In many 
cases, an interface’s ID is derived from its link-layer address. The same 
interface|D may be used on multiple interfaces on a single node. 


The following list describes commonly used unicast addresses and their 
values: 
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Unspecified address 


Indicates the absence of an address, and is never assigned to an 
interface. The unspecified address has the value 0:0:0:0:0:0:0:0in 
the normal form or : : in the compressed form. 


Loopback address 


Used by a node to send IP datagrams to itself, and is typically assigned 
to the loopback interface. The |Pv6 loopback address has the value 
0:0:0:0:0:0:0:1 inthenormal formor : :1 in the compressed form. 


IPv6 addresses with embedded | Pv4 addresses 


Used in mixed IPv4 and IP v6 environments, and can be either of 
the following: 


e |Pv4-compatible |Pv6 address 


Used by IPv6 nodes to tunnel IPv6 packets across an | Pv4 routing 
infrastructure. The |Pv4 address is carried in the low-order 32-bits. 
The format of this address is as follows: 


0000 0000 00000 IPv4 Address 


0 128 
80 bits 16 bits 32 bits 
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Note 


Do not use! Pv4-compatible|Pv6 addresses in DNS or 
the local /etc/ipnodes file. 


e |Pv4-mapped |Pv6 address 


Used torepresent an | Pv4 address and toidentify nodes that do not 
support | Pv6 (I Pv4-only nodes). It is not used in an IPv6 packet. 
The format of this address is as follows: 
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128 


{= 


: Y 
80 bits 16 bits 32 bits 


ZK-1294U-Al 


Local-use |Pv6 unicast addresses 
Can be either of the following: 
e¢ Link-local 


Used for addressing on a single link when performing address 
autoconfiguration, neighbor discovery, or when no routers are 
present. The format of this address is as follows: 


128 


o 


10 bits 54 bits 64 bits 
ZK-1295U-Al 
e Sitelocal 


Used for sites or organizations that are not connected to the global 
Internet. The format of this address is as follows: 


0 128 
10 bits 38 bits 16 bits 64 bits 
ZK-1296U-Al 


If you plan on using site-local addresses, be aware of the following 
guidelines: 


- Donot connect a single node to multiple sites. 
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- Donot use sitelocal addresses in the global DNS (the addresses 
cannot be visible outside the site). 


- Dynamic DNS updates for site-local addresses are not 
supported. 


- Donot advertise or propagate routes containing site-local 
prefixes outside the site. 


3.2.2.2 Multicast Address 


A multicast address is an identifier for a group of nodes, similar to an |Pv4 
multicast address. Multicast addresses have the following format: 


Flags Scope 


0 128 
8 bits 4 bits 4 bits 112 bits 
ZK-1303U-Al 
In the preceding address format, the fields have the following definition: 
11111111 Identifies the address as multicast. 
Flags Can be either of the following values: 0000, which 
indicates a permanently-assigned (well-known) 
multicast address, or 0001, which indicates a 


nonpermanently-assigned (transient) multicast 
address. 


Scope Indicates the scope of the multicast group. The 
following table lists the scope values: 


Value (Hex) Scope 


1 Node-local 
2 Link-local 
5 Sitelocal 
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8 Organization-local 


E Global 
Group ID Identifies the multicast group within the specified 
scope. 


Table 3-1 lists some well-known multicast addresses. 


Table 3-1: Well-known Multicast Addresses 


Multicast Address Meaning 

FFO2::1 All nodes (link-local) 
FFO2::2 All routers (link-local) 
FFO2::9 All RIPng routers (link-local) 


3.2.3 Address Prefixes 
Each IPv6 address has a unique pattern of leading bits that indicates its 


address type. These leading bits are named the Format Prefix. Table 3-2 
lists some of the |Pv6 address types and their prefixes. 


Table 3-2: IPv6 Address Types and Prefixes 


Address Type Prefix 
Aggregatable Global Unicast 2000::/3 
Link-local FE 80::/10 
Site-local FECO::/10 
Multicast FFOO::/8 


3.2.4 Address Autoconfiguration 
TheIPv6 address changes have lead to the following definitions for 
configuring addresses: 
e Stateless Address Autoconfiguration 
¢ Dynamic Host Configuration Protocol Version 6 (DHCP v6), which is 
stateful address autoconfiguration 


In the stateless model, nodes learn address prefixes by listening for Router 
Advertisement packets. Addresses are formed by combining the prefix with 
a datalink-specific interface identifier, which is typically derived from the 
datalink address of the interface. This model is favored by administrators 
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who do not need tight control over address configuration. See RFC 2462 
for more information. 


In DHCP v6, hosts may request addresses, configuration information 
and services from dedicated configuration servers. This model is 
favored by administrators who want to delegate addresses based on 

a client/server model. The DHCP v6 Internet Drafts are currently 
undergoing revision. See the Dynamic Host Configuration charter web 
page at http://(www.ietf.org/html.charter/dhc-charters.html for more 
information. 


Note 
This version of Tru64 UNIX does not currently support DHCP v6. 


In both cases, the resulting addresses have associated lifetimes, and systems 
must be able to acquire new addresses and release expired addresses. 
Combined with the ability to register updated address information with 
Domain Name Service (DNS) servers, these mechanisms provide a path 
towards network renumbering and provide network administrators with 
control over the use of network addresses without manual intervention on 
each host on the network. 


3.2.5 Address Resolution 


The Domain Name System (DNS) provides support for mapping names 
to|P addresses and mapping IP addresses back to their corresponding 
names. Because of the increase in size of the |Pv6 address, the DNS has 
the following new features: 


¢ AAAA resource record type. This holds IPv6 addresses, encoded in 
network byte order. The version of BIND shipped with operating system 
supports AAAA records. (BIND is the implementation of DNS shipped 
with Tru64 UNIX.) 


e AAAA query. A query for a specified domain name in the Internet class 
returns all associated AAAA resource records in the response. 


¢« |P6.INT domain for looking up a name for a specified address 
(address-to-name mapping). An |Pv6 address is represented in 
reverse order as a sequence of 4-bit nibbles separated by dots with 
the suffix .I1P6.INT appended. For example, the |Pv6 address 
4321:0:1:2:3:4:567:89ab has the following inverse lookup domain 
name: 


b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.IP6.INT 


See Section 8.5.1.1 for guidelines on configuring BIND in an IPv6 
environment. 
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3.2.6 Address Assignment 


|Pv6 addresses are now being deployed by the regional registries. See 
the IANA web page at http:/Awww.ipv6.org/iana-ann.html for more 
information. In addition, you can contact your Internet Service Provider 
(ISP) for an IPv6 address. 


Because of the need to test various implementations of the |Pv6 RFCs, the 
IETF has defined a temporary IPv6 address allocation scheme. You can 
assign the addresses in this scheme to hosts and routers for testing | Pv6 
on the 6bone. See the 6bone home page at the following location for more 
information on 6bone address allocation and assignment: 


http://www.6bone.net 


At the present time, the 6bone test addresses are aggregatable global 
unicast addresses. Contact your 6bone service provider (for example, 
gw-6bone@pa.dec.com) for a 6bone address delegation. 


The following sections describe the aggregatable global unicast addresses 
and the aggregatable testing addresses. 


3.2.6.1 Aggregatable Global Unicast Address Format 
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The aggregatable global unicast address format for |Pv6 is designed to 
support current provider-based aggregation and new exchange-based 
aggregation. Whether a site connects to a provider or to an exchange, 
the address format enables efficient route aggregation for either type. 
Aggregatable global unicast addresses have the following form. See RFC 
2374 for additional information. 


Format 


/ Pretix ; ui! a Reserved 


D Interface ID 


0 128 


3bits 13bits S8bits 24bits 16 bits 64 bits 
ZK-1301U-Al 
In the preceding address format, the fields have the following definition: 
Format Prefix 


The Format Prefix. For aggregatable global unicast addresses, the 
value for this field is 001. 
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TLA ID 
The Top-level Aggregation | dentifier. 


Reserved 


Reserved for future use. At present, set to all zeros (0). 


NLA ID 


The Next-level Aggregation | dentifier. These are assigned by the TLA 
1D administrator to create an addressing hierarchy and to identify 
end user sites. Each organization assigned a TLA ID is also assigned 
24-bits of NLA ID space whose layout and use is the responsibility 
of the organization. 


SLA ID 


The Site level Aggregation | dentifier. These are used by an end user 
site to create its own local addressing hierarchy and to identify subnets. 


Interface |D 


The 64-bit interface identifier of the interface that is connected to the 
link. 


3.2.6.2 Aggregatable Testing Address Format 
Aggregatable global unicast addresses for | Pv6 testing have the following 


form. See RFC 2471 for more information on the proposed testing address 
allocation plan. 


F pTLA ID 


Eo eeeeee pNLA ID | Interface ID 
ar 


128 
3bits 13bits S8hbits 24bits 16 bits 64 bits 
ZK-1341U-Al 


In the preceding address format, the fields have the following definition: 
001 


The Format Prefix for aggregatable global unicast addresses. 
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1111111111110 


The 6bone Top-level Aggregation (TLA) Identifier, Ox1F FE, reserved 
by the Internet Assigned Numbers Naming Authority (IANA), and 
used temporarily for |Pv6 testing. 


pseudo Top-Level Aggregation (pTLA) | dentifier 


ThelD assigned by the pTLA ID administrator to define the top level 
of aggegation (backbone sites) for the 6bone. 


pseudo Next-level Aggregation (pNLA) Identifier 


The!D assigned by the pTLA |D administrator to create an addressing 
hierarchy and toidentify end user sites on the 6bone network. 


Sitelevel Aggregation (SLA) I dentifier 


The!D assigned by an end user site to create its own local addressing 
hierarchy and toidentify subnets. 


Interface |D 
The 64-bit interface identifier of the interface that is connected to the 
link. 
For the most recent information about pTLA and pNLA assignments, see the 
6bone home page at the following location: 


http://www.6bone.net 


3.3 IPv6 Environment 
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This section shows some sample! Pvé6 configurations. Select a configuration 
that most closely matches the environment into which you want to configure 
IPv6 on your system. These configurations are used again in Section 3.4 to 
describe how to configure selected systems in each configuration. 


See the Technical Overview for a list of commands and daemons that are 
supported in an |IPv6 environment. See the Release Notes for a list of 
network interfaces that are supported for | Pv6. 


Figure 3-1 shows a simple LAN configuration in which Host A and Host 
B communicate using | Pv6. 
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Figure 3—1: Simple Host-to-Host Configuration 
fe80::0a00:2bff:fee2:1e10 fe80::0a00:2bff:fee2:1e11 


Key: 
== == = © |Pv6 packets (native) 


ZK-1348U-Al 
Figure 3-2 shows a simple LAN configuration in which Host A, Host B, and 


Router A communicate using | Pv6 and in which Host A and Host B obtain 
global addresses from Router A. 


Figure 3-2: Host-to-Host with Router Configuration 


Host A 


fe80::0a00:2bff:fee2:1e10 
dec:1:1::0a00:2bff:fee2:1e10 


fe80::0a00:2bff:fee2:1e11 
dec:1:1::0a00:2bff:fee2:1e11 


Key: 
= = = m m IPv6 packets (native) 
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Figure 3-3 shows a configuration in which two|Pv6 networks are connected 
through an IPv6 router, Router A. 
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Figure 3-3: IPv6 Network-to-IPv6 Network with Router Configuration 


dec:1:1::/64 


dec:1:2::/64 


Host C | Host D 
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Figure 3-4 shows a configuration in which four |Pv6 networks are connected 
using three routers. The three routers exchange routing information with 
each other using the RIPng protocol. 


Figure 3—4: Multiple IPv6 Networks and Multiple Routers Configuration 


dec:1:1::/64 dec:1:3::/64 


dec:1:2::/64 dec:1:4::/64 
Host C Host D | Host G Host H 
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Figure 3-5 shows a configuration in which Host A and Host B, connected to 
an |Pv4 network, communicate using | Pv6 through an I Pv4 tunnel. 
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Figure 3-5: Host-to-Host over Tunnel Configuration 


1.2.3.4 5.6.7.8 
fe80::1.2.3.4 J fe80::5.6.7.8 


Host B i 


v4/v6 


Key: 


=== === |Pv6 packets in an IPv4 tunnel 
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Figure 3-6 shows a configuration in which Host X is connected to an | Pv4 
network and Router A, an! Pv6 router, is connected tothe same! Pv4 network 
and also is connected to two! Pv6 networks. Host X communicates with H ost 
B using | Pv6 through an | Pv4 tunnel between Host X and Router A. 


Figure 3-6: Host-to-Router over Tunnel Configuration 


"Ai dec:1:1::/64 


fe80::5.6.7.8 
» dec:3:1::5.6.7.8 


dec:1:2::/64 
Host C | 
Key: 


= = = = = |Pv6 packets in an IPv4 tunnel 
=== m= m= [Pv6 packets (native) 
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Figure 3-7 shows a configuration in which four |Pv6 networks are connected 


through two routers and an | Pv4 network. Host A communicates with Host 
F through an |Pv4 tunnel between router A and router B. 
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Figure 3—7: IPv6 Network-to-IPv6 Network over Tunnel Configuration 


dec:1:1::/64 dec:2:1::/64 


IPv4 
Network 


dec:2:2::/64 
Host G Host H | 
Key: 


= = = = = |Pv6 packets in an IPv4 tunnel 
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3.4 Planning IPv6 


This section describes those tasks that you need to do before configuring 
IPv6. 


3.4.1 Verifying IPv6 Support in the Kernel 


3-16 


Verify that the IP Version 6 (IPV6) and |P-in-IP Tunneling (IPTUNNEL) 
support is in the kernel by issuing the following commands: 


# sysconfig -q ipv6é 
# sysconfig -q iptunnel 


If neither the ipvé: nor iptunnel: subsystem attributes are displayed, 
do the following: 
1. Build anew kernel by using the following command: 


# doconfig -c SYSTEM NAME 


Choose the IPV6 and IPTUNNEL options in addition to any other 
options that you want. 


2. Save the original kernel, then move the new kernel to the root directory. 


# mv /vmunix /vmunix.save 
# mv /sys/SYSTEM NAME/vmunix /vmunix 


3. Reboot the system. Make sure there are no other users on the system. 
Use a command similar to the following: 
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# shutdown -r +5 "Adding IPvé and IPTUNNEL kernel options ..." 


You are now ready to configure your system to communicate in an | Pv6 
network environment. 


3.4.2 Preparing for the Configuration 


After you verify |Pv6 support in the kernel, you configure your system 
to communicate in an |Pv6 network environment by running the | Pv6 
configuration utility, ip6 setup. The ip6é setup utility enables you to 
configure the following: 


¢ |Pv6 host 
e |Pv6 router 


When you run the ip6_ setup configuration utility, it gathers information 
from the system and prompts you for additional configuration information. 


Before you configure the |Pv6 network software, you must gather 
information about your system and network environment. Figure 3-8 
shows the Configuration Worksheet. The following sections describe the 
information that you need to record on the worksheet. 


If you are viewing this manual on line, you can use the print feature to 
print a copy of this worksheet. 
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Figure 3-8: Configuration Worksheet 


IPv6 Configuration 


IPv6 router: [_] yes [_] no 
DNS/BIND automatic updates (hosts only): [] yes [] no 


IPv6 interfaces: 


IPv6 routing over PPP (routers only): ] yes ] no 
Configured tunnel: [_] yes [_] no 
Automatic tunnel: [] yes [_] no 
Manual routes: yes no 
Start IPv6: yes no 
| DNS/BIND | ; 
Domain name: 


| Configured Tunnel | Tunnel aferace! 


Destination IPv4 address: 
Source IPv4 address: 


RIPng: [_]yes [-] no 


Address prefix: 
| Router] Interface: 
RIPng: Jyes [_] no 


Address prefix: 


Interface: 


RIPng: [_]yes [_] no 
Address prefix: 


| Manual Routes Routes Destination prefix: 


Interface: 
Next hop address: 


Destination prefix: 
Interface: 
Next hop address: 


IPv6 router 


If you want this system to function as an IPv6 router, check YES; 
otherwise, check NO. If you check NO, the system is configured as an 
IPv6 host. 


An |Pv6 router can advertise address prefixes to all hosts on connected 
links (for example, a LAN and a configured tunnel) and forward 
packets toward their destinations. Packets can be forwarded directly 
on link or over IPv4 tunnels. 


3-18 Internet Protocol Version 6 


DNS/BIND automatic updates (hosts only) 


If you want this system to record its addresses in the DNS/BIND 
database automatically, check YES; otherwise, check NO. If you check 
YES, you must configure your system as a DNS/BIND client and 
your DNS/BIND server must support dynamic updates to the DNS 
database. See Section 8.5.1.1 for information on configuring your 
DNS/BIND server. 


IPv6 interfaces 


Enter the device names of the network interface to the |Pv6 network. 
For example, leo and ftao. If you are creating a configured tunnel 
only on your system, enter none. 


IPv6 routing over PPP (routers only) 


If you want IPv6 routing to run over a PPP interface, check YES; 
otherwise, check NO. See ppp _manual_setup(7) for information on 
configuring a PPP interface. 


Configured tunnel 


If you want IPv6 to run over a configured IPv4 tunnel, check YES; 
otherwise, check NO. A configured tunnel has one source and one 
destination in an IPv4 network. Use configured tunnels instead of 
automatic tunnels. You can define multiple configured tunnels. 


Automatic tunnel 


If you want to configure |Pv6 torun over IPv4 automatic tunnels, check 
YES; otherwise, check NO. 


Manual routes 


If you want to configure routes to other systems manually, check YES; 
otherwise, check NO. 


On a router, you might want to configure static routes if one of the 
following conditions is true: 


¢« You want a configured tunnel and you are not advertising an 
address prefix on the tunnel link. 


e You want a configured tunnel and the router at the other end of the 
tunnel is not running the RIPng protocol. 


e Your system is not running the RIPng protocol. 


Internet Protocol Version 6 3-19 


On a host, you might want to configure static routes if you want a 
configured tunnel toa router and the router is not advertising itself as 
a default router on the tunnel link. 

Start IPv6 


If you want to start IPv6 directly from the configuration utility, 
ip6 setup, check YES. If you want to start |Pv6 during the next 
system boot, check NO. 


3.4.2.1 DNS/BIND 
Domain name 


The fully qualified domain name for your node. This consists of 
the host name and the DNS/BIND domain name (for example, 
host1.subdomain. example). 


3.4.2.2 Configured Tunnel 
Interface 
The name of the configured tunnel interface (for example, ipto, ipt1). 
The ip6 setup script supplies this value. 
Destination IPv4 address 
The remote node’s IP v4 address (the remote end of the tunne!). 


Source IPv4 address 
Your node’s |Pv4 address (this end of the tunnel). 


RIPng 


If your system is a router and you want the router to run the RIPng 
protocol on the tunnel link to exchange |Pv6 routing information with a 
router at the remote end of the tunnel, check YES; otherwise, check NO. 


Address prefix 


If your system is a router and you want to advertise address prefixes 
to the node at the remote end of the tunnel, enter a 64-bit prefix; 
otherwise, write DONE. 


If your system is an |Pv6 host and the router at the remote end of the 
tunnel is not advertising an address prefix, enter a 64-bit prefix to be 
configured on the tunnel interface. 
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3.4.2.3 Router 
Interface 


The name of the interface (LAN, PPP, or configured tunnel) on which 
you want to run the RIPng protocol or advertise an address prefix. 


RIPng 


If you want the router to run the RIPng protocol on the specified 
interface and to exchange | Pv6 routing information with other routers 
on the link (LAN, PPP, or configured tunnel), check YES; otherwise, 
check NO. 


Address prefix 


If you want to advertise address prefixes to all hosts on the link, enter 
a 64-bit prefix; otherwise, write DONE. 


If you write DONE, the router will not advertise an address prefix. All 
hosts must obtain their prefix information from another source. 


Prefixes in |Pv6 define a subnet, and are typically configured on a 
router for a specific link by the network administrator. The router 
advertises this prefix to all nodes connected to that link, along with the 
length of the prefix, whether the prefix is on link (that is, a neighbor), 
whether the prefix can also be used for stateless address configuration, 
and the length of time the prefix is valid. 


3.4.2.4 Manual Routes 
Destination prefix 


The address prefix of a remote |Pv6 network. The address prefix 
contains a Classless Inter-Domain Routing (CI DR)-style bit length, 
for example, 5F00::/8. If you want to use the default route, write 
DEFAULT. 


Interface 
The name of the interface through which you are sending traffic to 
the remote IPv6 network. 

Next hop address 


The IPv6 address of the first router in the path to the destination 
prefix. Write the link local address of the router. If the connection to 
the router is over an |Pv4 tunnel, write the link local |Pv6 address of 
the remote tunnel endpoint. 
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3.4.3 Configuring Systems in Sample IPv6 Configurations 


This section describes each sample configuration presented in Section 3.3 
and shows how selected systems are configured in each example. In some 
cases, this section presents additional options for you to consider in the 
configuration. 


3.4.3.1 Simple Host-to-Host Configuration 


In Figure 3-1, Host A and Host B use IP v6 link-local addresses. By default, 
the ip6é setup configuration utility automatically creates a link-local 
address for your system. The following is a sample completed worksheet 
for Host A: 


IPv6 Configuration 


IPv6 router: yes po 

DNS/BIND automatic updates: yes ho 
IPv6 interfaces: tud 

Configured tunnel: yes Apo 

Automatic tunnel: yes dpe 

Manual routes: es no 

Start IPv6: MA yes [_] no 


After configuring IP v6 on Host A, you edit the /etc/ipnodes file and put 
the link-local address for Host B in it. The configuration process for Host B 
in this configuration is similar to Host A’s. 


With this configuration, no global address prefix is advertised on the LAN. If 
you want to advertise a global address prefix, you could either configure one 
of the nodes as a router by using ipé_setup or add an IPv6 router tothe 
LAN configuration. An |Pv6 router advertises a global prefix on the link. 


You can usethe netstat -in command to view a local node's link-local 
and global addresses. 


If you were on Host A and wanted to connect to Host B using the telnet 
command, the format of the command is as follows: 
# telnet fe80::0a00:2bff£:fee2:1ell1 


Instead of specifying the link-local address, place the address and the node 
name in the /etc/ipnodes file. Then, use the node name as the argument 
to the telnet command. 


3.4.3.2 Host-to-Host with Router Configuration 


In Figure 3-2, Host A and Host B areon LAN with Router A. In this case, 
Router A advertises the global address prefix dec:1:1::/64 ontheLAN. 
Host A and Host B use this address prefix to create global |Pv6 addresses. 
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See Section 3.2.6 for more information on obtaining experimental testing 
addresses. The following is a sample completed worksheet for Router A: 


IPv6 Configuration 
IPv6 router: yes fe) 
Ar 


DNS/BIND automatic updates: 
IPv6 interfaces: 

Configured tunnel: 

Automatic tunnel: 

Manual routes: 

Start IPv6: 


yes 


Oo 


tu0d 


_] yes 


yes 


Ayes 


no 


| Router| Interface: _ tud 


RIPng: 
Address prefix: 


Interface: 


yes 


kA’no 


dec:1:1::/64 


RIPng: []yes [_] no 


Address prefix: 


After configuring |Pv6 on Router A, you can edit the /etc/ipnodes file 
and add the global addresses for the other nodes. You would also do this on 
Host A and Host B. Alternatively, you could establish DNS/BIND in your 
network using the global addresses. 


If you added a DNS/BIND server with dynamic updates enabled on the 
network, the worksheet for Host A would have the following information: 


DNS/BIND automatic updates: MHics [-] no 


| DNS/BIND | 
h 


osta.cor 


Domain name: 


-example 


3.4.3.3 IPv6 Network-to-IPv6 Network with Router Configuration 


In Figure 3-3, two |Pv6 networks are connected to each other through 
Router A and its multiple interfaces. The following is a sample completed 


worksheet for Router A: 
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IPv6 Configuration 
IPv6 router: yes fo) 


DNS/BIND automatic updates: yes Sro 


IPv6 interfaces: tuod tul 
Configured tunnel: [_] yes wi () 
Automatic tunnel: yes ~ in 
Manual routes: es Sno 
Start IPv6: Syes no 


| Router| Interface: tuod 


RIPng: yes Soo 


Address prefix: dec:1:1::/64 
Interface: _  tul 
RIPng: Clyes Ano 
Address prefix: dec:1:2::/64 


3.4.3.4 Multiple IPv6 Networks and Multiple Routers Configuration 


In Figure 3-4, four |Pv6 networks are interconnected to each other using 
the three routers. In this configuration, the routers must exchange routing 
information in order for the routers to learn the routes to other subnets in 
the network. To accomplish this, each router must run the RIPng protocol. 
The following is a sample completed worksheet for Router A: 


IPv6 Configuration 
IPv6 router: yes fe) 
Ar 


DNS/BIND automatic updates: yes fe) 
IPv6 interfaces: tuo tul 
Configured tunnel: [_] yes fe) 


Automatic tunnel: yes we 
Manual routes: Aas n 
Start IPv6: yes n 
[Router | Interface: tuo 


RIPng: Hyes no 


Address prefix: dec:1:1::/64 
Interface: tul 
RIPng: ys [_] no 
Address prefix: dec:1:2::/64 


The worksheets for the other routers are similar. 
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3.4.3.5 Host-to-Host over Tunnel Configuration 


In Figure 3-5, two|Pv6 systems communicate with each other over 
a configured tunnel through an I Pv4 network and use | Pv6 link-local 
addresses. The following is a sample completed worksheet for Host A: 


IPv6 Configuration 
IPv6 router: [ ] yes wh () 
Mn 


DNS/BIND automatic updates: [—] yes 0 
IPv6 interfaces: none 
Configured tunnel: yes []|,fo 
Automatic tunnel: [_] yes Ano 
Manual routes: [_] yes no 
Start IPv6: MA yes [-] no 
| Configured Tunnel | Tunnel laterace: ipto 
Destination IPv4 address: Bibs a8 
Source IPv4 address: 1.2.34 


RIPng: yes are 


Address prefix: 


After configuring |Pv6 on Host A, you edit the /etc/ipnodes file and put 
the link-local address for Host B in it. The configuration process for Host B 
in this configuration is similar to Host A’s. 


With this configuration, no global address prefix is advertised on the tunnel. 
If you want to advertise a global address prefix, you could configure one 

of the nodes as a router by using ipé_ setup. An|Pv6 router advertises 

a global prefix on the link. 


You can use the netstat -in command to view a local node’s link-local 
and global addresses. 


If you were on Host A and wanted to connect to Host B using the telnet 
command, the format of the command is as follows: 


# telnet £e680::5.6.7.8 


Instead of specifying the link-local address, place the address and the node 
name in the /etc/ipnodes file. Then, use the node name as the argument 
to the telnet command. 


3.4.3.6 Host-to-Router over Tunnel Configuration 
In Figure 3-6, Host X communicates with Host B over a configured tunnel 


through an IP v4 network; both nodes use! Pv6 addresses. The tunnel in this 
case is a between Host X and Router A. The following is a sample completed 
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worksheet for Host X when Router A is advertising itself as the default router 
for the tunnel link and advertising a global address prefix on the tunnel link: 


IPv6 Configuration 
IPv6 router: yes po 
n 


DNS/BIND automatic updates: yes fe) 
IPv6 interfaces: none 
Configured tunnel: yes (e) 


Automatic tunnel: [—] yes Pro 
Manual routes: es [no 
Start IPv6: Syes no 
| Configured Tunnel | Tunnel interlace: ipto 


Destination IPv4 address: 56's 78 
Source IPv4 address: 1.2344 


RIPng: yes win 


Address prefix: 


If Router A is not advertising a global address prefix on the tunnel link, the 
value dec:3:1::/64 would bein the Address prefix field in Configured 
Tunnel section of the Host X worksheet. If Router A is not advertising itself 
as the default router for the tunne! link, the following information would 
also be on the Host X worksheet: 


Manual routes: es | no 


pA Destination prefix: _default 


Interface: _ipto 
Next hop address: £e80::1.2.3.4 


The following is a sample completed worksheet for Router A when Router A 
is advertising a global address prefix on the tunnel link: 


Internet Protocol Version 6 


IPv6 Configuration 
IPv6 router: yes le) 


DNS/BIND automatic updates: 
IPv6 interfaces: 

Configured tunnel: 

Automatic tunnel: 

Manual routes: 

Start IPv6: 


yes 


Ano 


tud 


tul 


me 


yes 


es 
Syes 


| Configured Tunnel | Tunnel Interface: ipto 


560758 
123s 


Destination IPv4 address: 
Source IPv4 address: 


RIPng: 
Address prefix: 


yes 


Ano 


dec:3:1::/64 


If Router A is not advertising a global prefix on the tunnel link, the following 
information would be on the Router A worksheet. Note the manual route to 
Host X. Instead of specifying a destination network prefix, you specify the 
host route, dec:3:1::5.6.7.8, toHost X. Thenext hop is the link-local 
|Pv6 address of Host X’s tunnel interface, fe80::5.6.7.8. 


Manual routes: 


WUE) Destination prefix: 
Interface: 
Next hop address: 


Ais [_] no 


déer3:1325.6.7.8 


ipto 


£e80: 


256.0748 


3.4.3.7 IPv6 Network-to-IPv6 Network over Tunnel Configuration 


In Figure 3-7, Host A communicates with Host F over an configured tunnel 
through an | Pv4 network. The host configuration is similar tothat of Host A 
in Section 3.4.3.1. All nodes automatically use their default router in order 
to communicate with nodes on other networks. The following is a sample 
completed worksheet for Router A: 
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IPv6 Configuration 


IPv6 router: Hyes 


| 
DNS/BIND automatic updates: [] yes ro 
IPv6 interfaces: tud tul 
Configured tunnel: Nes ] po 
Automatic tunnel: [_] yes Hoo 
Manual routes: [_] yes no 
Start IPv6: yes [] no 
| Configured Tunnel | Tunnel lnterince: ipto 
Destination IPv4 address: 5.6.7.8 
Source IPv4 address: 1.2.3.4 


RIPng: Nes ] no 
Address prefix: 


| Router| Interface: tuod 
RIPng: ] yes no 


Address prefix: dec:1:1::/64 
Interface: _ tul 
RIPng: Cyes [no 
Address prefix: dec:1:2::/64 


You do not have to run RIPng on the tuo and tul1 interfaces because there 
are norouters attached to the interfaces. 


The configuration of Router B is similar, except that the source and 
destination addresses for the configured tunnel would be 1.2.3.4 and 
5.6.7.8, respectively, and the address prefixes advertised on tuo and tul 
would be dec:2:1::/64 and dec:2:2::/64, respectively. 


Note 


If the routers were not configured to use RIPng over the tunnel 
interface, each router would then need to specify a manual route 
to the other. 


3.5 Configuring IPv6 on Your System 


This section describes how to configure your system as either an | Pv6 host or 
an IPv6 router. 
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3.5.1 Configuring an IPv6 Host 


To configure an IP v6 host, do the following: 


10. 


11. 


Log in as superuser. 

Invokethe ipé_ setup utility by entering the following command: 
# /usr/sbin/ip6 setup 

The utility displays a status message. 


Press Enter to indicate that you want to configure the system as an 
|Pv6 host and not as a router. 


Indicate whether you want your DNS/BIND client to update I Pv6 
addresses in the DNS/BIND name database automatically. 


If you want to update! Pv6 addresses in the DNS/BIND name database 
automatically, enter y and press Enter; if you do not, press Enter and 
go to step 6. 


Enter the | Pv6 fully qualified domain name and press Enter. 


Enter the names of the |Pv6 LAN interfaces to use and press Enter. 
Separate multiple names by a space character. If you want to use the 
default, press Enter. If you are configuring a configured tunnel only, 
enter none. 


Indicate whether you want to create a configured tunnel or additional 
configured tunnels. 


If you want to create a configured tunnel or additional configured 
tunnels, enter y and press Enter; otherwise, press Enter and go to step 
11. 


Enter the tunnel’s destination | Pv4 address and press Enter. 


If you are finished creating configured tunnels, enter Done and press 
Enter. Goto step 11. 


Enter the tunnel’s source | Pv4 address and press Enter. If you want to 
use the default, press Enter. 


Indicate whether the host is to use an IP v6 address prefix on the tunnel 
interface. 


If you want the host to use an | Pv6 address prefix because a router is 
not advertising a global address prefix, enter the prefix and press Enter. 
Enter as many prefixes as you want. When you are finished entering 
prefixes for the interface, enter Done and press Enter. Gotostep 8. 


If you do not want the host to use an | Pv6 address prefix on the tunnel 
interface, enter Done and press Enter. Goto step 8. 


Indicate whether you want to configure an automatic tunnel. 
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12. 


13. 


14. 


15. 


16. 


17. 


If you want to configure an automatic tunnel, enter y and press Enter; 
otherwise, press Enter. 


Indicate whether you want to define manual routes to an adjacent 
router or remote |Pv6 network. 


If you want to manually define routes, enter y and press Enter. 


If you do not want to manually define routes, enter n and press Enter. 
Goto step 16. 


Enter the |Pv6 address prefix of the remote | Pv6 network and press 
Enter. When you are finished entering manual routes, enter Done and 
press Enter; goto step 16. 


Enter the name of the interface through which you will send traffic to 
the remote | Pv6 network and press Enter. 


Enter the link-local |Pv6 address of the first router in the path to the 
destination network and press Enter. This address together with the 
|Pv6 address prefix constitute the static routing table entry. Goto step 
13. 


The ip6é_ setup utility displays the configuration information and 
asks you to indicate whether you want to update the current startup 
procedures with the new configuration information. 


If you are not satisfied with the configuration, enter n and press Enter. 
The utility ends immediately without changing any of the current 
configuration files. 


If you are satisified with the configuration, enter y and press Enter. The 
ip6 setup utility updates the /etc/rc.config and /etc/routes 
files with the |Pv6 configuration information. 


If IPv6 is not currently running on your system, indicate whether you 
want to start |Pv6 now. 


If you want to start |Pv6 now, press Enter. The ipé_ setup utility 
starts | Pv6. 


If you do not want to start IPv6 now, enter n and press Enter. | Pv6 will 
start during the next system boot. 


If |Pv6 is currently running, indicate whether you want to restart it now. 


The /etc/rce.config file contains configuration information used by the 
system startup scripts to start | Pv6. 


3.5.2 Configuring an IPv6 Router 


3-30 


To configure an |Pv6 router, do the following: 


1. 


Log in as superuser. 
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Invokethe ipé_setup utility by entering the following command: 
# /usr/sbin/ip6 setup 

The utility displays a status message. 

Enter y and press Enter to configure the system as an I Pv6 router. 


Enter the names of the |Pv6 LAN interfaces to use and press Enter. 
Separate multiple names by a space character. If you want to use the 
default, press Enter. If you are configuring a configured tunnel only, 
enter none. 


Note 


The next two steps are used when configuring |Pv6 LAN 
interfaces, |Pv6 over PPP interfaces, and IPv6 over IPv4 
configured tunnel interfaces. F ollow the directions carefully. 


Indicate if the router is to run the RIPng protocol on the designated 
interface. 


If you want torun the RIPng protocol, press Enter; if you do not, enter 
n and press Enter. 


Indicate if the router is to advertise an |Pv6 address prefix on the 
designated interface. 


If you want the router to advertise an | Pv6 address prefix, enter the 
prefix and press Enter. Enter as many prefixes as you want. When you 
are finished entering prefixes for the interface, enter Done and press 
Enter. 


If you do not want the router to advertise an | Pv6 address prefix on the 
designated interface, enter Done and press Enter. 


If you are configuring additional LAN interfaces, goto step 5. 

If you are configuring PPP interfaces, go to step 8. 

If you are configuring I Pv6 over |Pv4 configured tunnels, goto step 10. 
Indicate if you want to use! Pv6 routing over PPP links. 


If you want to use| P v6 routing over PPP links, enter y and press Enter; 
otherwise, press Enter and go to step 9. 


Enter the name of the PPP interface over which torun IPv6 and press 
Enter. Goto step 5. 


If you are finished entering routing information for PPP interfaces, 
enter Done and press Enter. 


Indicate if you want to create | Pv6 over |Pv4 configured tunnels. 
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If you want to create configured tunnels, enter y and press Enter; 
otherwise, press Enter and go to step 12. 


10. Enter the tunnel’s destination |Pv4 address and press Enter. 


If you are finished creating configured tunnels, enter Done and press 
Enter. Goto step 12. 


11. Enter the tunnel’s source |Pv4 address and press Enter. If you want 
to use the default, press Enter. Go to step 5. 


12. Indicate if you want to configure an automatic tunnel. 


If you want to configure an automatic tunnel, enter y and press Enter; 
otherwise, press Enter. 


13. Indicate if you want to define manual routes to an adjacent router or 
remote IP v6 network. 


If you want to manually define routes, enter y and press Enter. 


If you do not want to manually define routes, enter n and press Enter. 
Go to step 17. 


14. Enter the |Pv6 address prefix of the remote | Pv6 network and press 
Enter. When you are finished entering manual routes, enter Done and 
press Enter. Go to step 17. 


15. Enter the name of the interface through which you will send traffic to 
the remote IPv6 network and press Enter. 


16. Enter the |Pv6 address of the next node in the path to the destination 
network and press Enter. This address together with the IPv6 address 
prefix constitute the static routing table entry. Go to step 14. 


17. Theipé setup utility displays the configuration information and 
asks you to indicate whether you want to update the current startup 
procedures with the new configuration information. 


If you are not satisfied with the configuration, enter n and press Enter. 
The utility ends immediately without changing any of the current 
configuration files. 


If you are satisified with the configuration, enter y and press Enter. The 
ip6 setup utility updates the /etc/re.config, /etc/routes, and 
/etc/ip6rtrd.conf files with the IPv6 configuration information. 
You can modify these values as necessary. 


18. If IPv6 is not currently running on your system, indicate whether you 
want to start IPv6 now. 


If you want to start IPv6 now, press Enter. The ipé setup utility 
starts IPv6. 


If you do not want to start IPv6 now, enter n and press Enter. | Pv6 will 
start during the next system boot. 
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If IPv6 is currently running, indicate whether you want to restart it now. 


The /etc/re.config, /etc/routes, and /etc/ipé6értrd.conf files 
contain configuration information used by the system startup procedures to 
start IPv6. You can edit them to change your configuration. 


3.6 Postconfiguration Tasks 


After using the ipé_ setup utility toinitially configure |Pv6, you might 
want to do the following: 


Connect to the 6bone network 

Initialize a new interface for |Pv6 

Create a configured tunnel 

Add addresses to or delete addresses from an interface 
Add or delete a default router 

Manually add a route for an onlink prefix 

Configure routing support in the kernel 

Edit the run-time configuration file (/etc/rc. config) 
Edit the router configuration file (/etc/ipértrd.conf) 
Tune the ipvé and iptunnel kernel subsystems 


The following sections describe these tasks. 


3.6.1 Connecting to the 6bone Network 


To connect to the 6bone, choose a 6bone point that appears to be reasonably 
adjacent to your normal | Pv4 paths into the | nternet. The 6bone Web site 
at http:/Awww.6bone.net contains information on how to join the 6bone 
and how to find an attachment point. 


If you want to connect to the 6bone through the Compag Palo Alto, CA site 
either before or after you configure! Pv6 on your host or router, complete the 
following steps: 


1. 


Register your |Pv4 tunnel by sending the |Pv4 address of your router 
to the following address: 


gw-6bone@pa.dec.com 


Wait for confirmation that support for your tunnel is configured at 
Compaq. Compaq will provide an | Pv6 global address prefix for you to 
use at your site and the! Pv4 address of the Compaq Palo Alto router. 


Configure your tunnel by running the ipé setup utility. See 
Section 3.5.1 for host configuration and Section 3.5.2 for router 
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configuration. Alternatively, you could run the iptunnel command 
(see Section 3.6.4). 

4. Verify that your tunnel is operational by issuing the ping command to 
one of the following Compag | Pv6 nodes: 
altavista.ipv6é.digital.com 


ftp.ipvé.digital.com 
www.ipv6é.digital.com 


For additional information on connecting to the 6bone, see the 6bone home 
page: 


3.6.2 Initializing a New Interface for IPv6 


In some cases, you might want to add a new interface card to your system 
or change an interface card from one type to another. After the new card is 
installed, you must initialize it for |Pv6 operation. To initialize an interface, 
use the ifconfig command with the following syntax: 


ifconfig device ipv6 up 


For LAN interfaces, the ifconfig command creates the link-local address 
(FE80::) and starts Duplicate Address Detection. 


For example, to initialize Ethernet interface 1no for use with I Pv6, enter 
the following: 

# ifconfig 1n0 ipvé up 

To initialize the loopback interface for use with | Pv6, enter the following: 
# ifconfig 100 ipvé up 

To initialize the automatic tunnel interface, enter the following: 

# ifconfig tun0 ipv6é up 

This chooses one of the system’s IP v4 addresses for use as the tunnel 
endpoint. 


If you are adding the interface card permanently, use the ip6é_setup utility. 


3.6.2.1 Setting the IPv6 Interface Identifier 
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You can set the |Pv6 interface|D at the same time you initialize an interface 
by using the ifconfig command with the ip6interfaceid parameter. 
For example, to initialize Ethernet interface 1no for use with IPv6 and set 
its interface! D tothe 64-bit value 0x0123456789abcdef, enter the following: 


# ifconfig 1n0 ip6éinterfaceid ::0123:4567:89ab:cdef ipvé up 


Although the interface |D is expressed in standard |Pv6 address format, 
only the low order 64 bits are used. 
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3.6.3 Removing IPv6 from an Interface 


Removing |Pv6 from an interface removes the | Pv6 configuration associated 
with the interface, including all |Pv6 addresses and IPv6 routes through the 
interface. To remove |Pv6 from an interface, use the ifconfig command 
with the following syntax: 


ifconfig device -ipv6é 


For example, to remove |Pv6 from Ethernet interface 1no, enter the 
following: 


# ifconfig 1n0 -ipv6 


3.6.4 Creating a Configured Tunnel 


To create a configured (manual) tunnel, use the /usr/sbin/iptunnel 
command with the following syntax: 


iptunnel create renotetunnd-endpoint [local-tunnd-endpoint] 


For example, to create a tunnel to the remote system 16 .20.136.47, enter 
the following command: 


# iptunnel create 16.20.136.47 
To initialize the tunnel for |Pv6 operation, enter the following: 


# ifconfig iptO ipvé up 


If you want this change to be permanent, use the ip6é setup utility. 


3.6.5 Adding an Address to an Interface 


To add or assign an IPv6 prefix to an interface and to direct the kernel to 
automatically append the interface identifier, use the if config command 
with the following syntax: 


ifconfig interface nameinet6 ip6prefix prefix 


The following example assigns the address dec: 2::0a00:2bff:fe12:3456 
to interface leo (the interface|D is 0a00:2bff£:fe12:3456): 


# ifconfig 1n0 inet6 ip6prefix dec:2::/64 


The ipé6éprefix parameter directs the kernel to automatically append the 
interface identifier to the address prefix. 


To add or assign a full |Pv6 address to an interface manually, use the 
ifconfig command with the following syntax: 


ifconfig interffacenameinet6 address 
The following example assigns the address dec: 2: :1 tointerface leo: 


# ifconfig 1n0 inet6 dec:2::1 
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Note 


For IPv6 hosts, the ndéhostd daemon configures interface 
prefixes automatically, depending on the contents of router 
advertisements. 


For IPv6 routers, the ipértrd daemon configures interface 
prefixes automatically, depending on the contents of the 
/etc/ipé6rtrd.conf file. 


3.6.6 Deleting an Address from an Interface 


To delete an IPv6 address from an interface manually, use the ifconfig 
command with the following syntax: 


ifconfig interfacenameinet6 delete address 
For example: 


# ifconfig 1n0 inet6 delete dec:2::1 


3.6.7 Adding or Deleting a Default Router 


To add a default router, use the route utility with the following syntax: 
route add -inet6 default route-address -dev interface 

For example: 

# route add -inet6 default fe80::0a00:2bff:fe12:3456 -dev led 
To delete a default router, use the route utility with the following syntax: 


route delete -inet6 default router-address -dev interface 
For example: 


# route delete -inet6 default fe80::0a00:2bff£:fe12:3456 -dev led 


Note 


For IPv6 hosts, the ndéhostd daemon performs the add and 
delete router operations automatically, depending on the contents 
of router advertisements. 


3.6.8 Manually Adding a Route for an Onlink Prefix 


After you manually add an address/prefix to an interface, you can also add a 
static route so that traffic to other nodes with the same prefix is sent directly 
to the destination rather than through a router. For example, if the prefix 
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DEC:5::/64 has been added to the Ethernet interface leo, which has been 
initialized with the link-local address fe80: :0a00:2bff:fe12:3456, the 
following command adds a route to neighboring nodes with the same prefix: 


# route add -ineté dec:5::/64 fe80::0a00:2bff:fe12:3456 -interface 


This command specifies that destinations with prefix 

dec:5::0/64 are reachable through the interface with address 
fe80::0a00:2bff:fe12:3456. In other words, dec:5::0/64 is an onlink 
prefix. 


Note 


For IPv6 hosts, the ndéhostd daemon automatically adds onlink 
prefixes, based on the contents of router advertisements. 


3.6.9 Configuring Routing Support in the Kernel 


3.6.10 


Before configuring a router, you must enable forwarding by setting the 
ipv6é forwarding and ipvérouter attributes of the ipvé kernel subsystem 
to 1. You set these attributes by entering the following sysconfig 
commands: 


# /sbin/sysconfig -r ipv6é ipvéforwarding=1 
# /sbin/sysconfig -r ipv6é ipvérouter=1 


These commands are typically executed by the system startup scripts on 
nodes configured as |Pv6 routers. 


Editing the Run-time Configuration File 


After you configure the system, either as an IPv6 host or an IP v6 router, 
the /etc/rc.config file contains information used by the system startup 
procedures to start |Pv6. You can modify this file as appropriate for your 
configuration by using the remgr command. The following variables are 
used by I Pv6: 


|IPV6="yes| no" 


If set to yes, starts |Pv6 during system startup. 


IP6DEV_n="dev" 


Specifies an |Pv6 device name. The device name must be in the 
rc.config file. Then valueis an integer number that starts at O and 
increments sequentially for each device. 
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IP6lF CONFIG n m="string" 


Specifies options and parameters to use on an ifconfig command 
line during system startup. The n value is an integer number that 
corresponds to the number in the ILP6éDEV_n variable Them valueis an 
integer that starts at 0 and increments sequentially for each ifconfig 
line needed for each device. 


NUM_IP6CONFIG="number" 


Specifies the number of | Pv6 devices configured. 


|P6ROUTE R="yes| no" 


If set to yes, configures the node as an |Pv6 router. Otherwise, 
configures the node as a host. 


IP6RTRD="yes| no" 


If set to yes, starts the |Pv6 router daemon, ipértrd, during | Pv6 
startup. 


IP6RTRD_FLAGS="string" 


Specifies a string of options and parameters to use in starting the 
ip6értrd daemon. 


ND6HOSTD="yes| no" 
If set to yes, starts the |Pv6 host daemon, ndéhostd, during |Pv6 
startup. 

ND6HOSTD_FLAGS="st ring" 


Specifies a string of options and parameters to use in starting the 
ndé6hostd daemon. 


IPTUNNEL_n="string" 


Specifies a string of options and parameters to use to create a 
configured tunnel during system startup. This variable is used only 
when the device specified with the IP6DEV_n variable is a configured 
tunnel (for example, ipto). 


Example 3-1 shows sample variables for an |Pv6 host in the 
/etc/re.config file. 
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Example 3-1: Sample IPv6 Host Configuration Variables 


IPV6="yes" 

IP6DEV_O="tu0" 
IP6IFCONFIG 0_0="ipvé up" 
IP6DEV_1="tuno" 
IP6IFCONFIG 1 0="ipvé up" 
NUM_IP6CONFIG=2 
IP6ROUTER="no" 
IP6RTRD="no" 
IP6RTRD_FLAGS="" 
ND6HOSTD="yes" 
ND6HOSTD_FLAGS="_ -u -n hostl.corp.com" 


Example 3-2 shows sample variables for an IPv6 router in the 
/etc/re.config file. 


Example 3-2: Sample IPv6 Router Configuration Variables 


IPV6="yes" 

IP6DEV_0O="tu0" 
IP6IFCONFIG 0_0="ipvé up" 
IP6DEV_1="tul" 
IP6IFCONFIG 1_0="ipvé up" 
NUM_IP6CONFIG=2 
IP6ROUTER="yes" 
IP6RTRD="yes" 

IP6RTRD FLAGS="/etc/ipé6rtrd.cont" 
ND6HOSTD="no" 

ND6HOSTD_ FLAGS="" 


Editing the Router Configuration File 


After you configure the system as an |Pv6 router, the ipértrd daemon 
sends out periodic router advertisements for the following reasons: 


e Advertise itself as a potential default router for I|Pv6 traffic. The|Pv6 
nodes on the link receive these advertisements as part of their Neighbor 
Discovery processing. 


e« Advertise an|1Pv6 address prefix, in which case |Pv6 nodes on the link 
perform address autoconfiguration. 


The /etc/ip6rtrd. conf file contains the configuration data needed to 
send Router Advertisement messages. This file is created when ip6é_ setup 
isrun, if the system is configured as a router. The link interface and 
advertised prefix are inserted, and other default values are used. You can 
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modify this file as appropriate for your network, for example, when using 
multiple prefix values. See ipé6rtrd.conf(4) for more information. 


Example 3-3 is a sample configuration file. 


Example 3-3: Sample ip6rird.conf File 


# 
# Sample ipértrd configuration file 
# 
interface tuo { 
MaxRtrAdvinterval 600 
MinRtrAdvinterval 200 
AdvManagedFlag 0 
AdvOtherConfigFlag 0 
AdvLinkMTU 1500 
AdvReachableTime 0 
AdvRetransTimer 0 
AdvCurHopLimit 64 
AdvDefaultLifetime 1800 
Prefix dec:1::/64 { 
AdvValidLifetime 1200 
AdvPreferredLifetime 600 
AdvOnLinkFlag 1 
AdvAutonomousFlag 1 


3.6.12 Tuning the Kernel Subsystems 


You can use either the sysconfig utility or dxkerneltuner totune the 
IPv6 subsystems. See sys_attrs_ipvé6(5)andsys attrs_ iptunnel(5) 
for information on tuning the |Pv6 subsystem and IP tunnel subsystem, 
respectively. 


3.7 IPv6 Daemon Log Files 
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Thendéhostd and ip6értrd daemons log informational and severe events 
in the /var/adm/syslog.dated/date/daemon.1log file. You can view 
the contents of this message file by using the Event Viewer that is part of 
the SysMan Menu utility. See Section 16.10 for more information about 
the Event Viewer. 


By default, the daemons do not log debug information. To enable logging of 
debug information for the ndéhostd daemon, issue the following commands: 


# remgr set ND6HOSTD FLAGS "-d -1 /usr/tmp/nd6hostd.log" 
# /usr/sbin/rcinet restart ipv6 
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To enable logging of debug information for the ip6értrd daemon, issue the 
following commands: 


# remgr set IP6RTRD FLAGS "-d -1 /usr/tmp/ip6rtrd.log" 
# /usr/sbin/rcinet restart ipv6 
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Asynchronous Transfer Mode 


Asynchronous Transfer Mode (ATM) networks provide the following 
capabilities: 


* Speeds from 25 M/bps to 622 M/bps or greater through cell-switching. 
¢« Multiple qualities of service. 


¢ Connection-oriented interconnection with resource reservation for 
individual connections. These connections might be for conversations 
between two applications or for a connection over which many 
conversations between many applications and protocols are multiplexed. 


ATM networks provide the high speed and the low latency (switched, full 
duplex network infrastructure) that applications, particularly those running 
on local area networks, require 


This chapter describes: 

¢ TheATM network environment 

¢« How toconfigure the ATM subsystem 
¢ How tomanage the ATM subsystem 


See the Asynchronous Transfer M ode guide for information about writing 
device drivers and kernel modules for ATM. For troubleshooting information, 
see Section 15.5. 


4.1 ATM Environment 


An ATM network consists of the following: 
¢« Switch 


A specialized system that maintains a list of virtual channel identifiers 
(VCls) and virtual path identifiers (VPIs), connects one end system to 
another, and forwards or switches ATM cells from one end system to 
another based on the VCI/VPI information contained in the cell. 


e« End system 


A system physically connected toa switch that communicates with other 
end systems through the switch. 
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In the operating system's ATM environment, the following configurations 
are possible: 


¢ Classical Internet Protocol (CLIP) 
¢ Local Area Network (LAN) emulation 
e IP switching 


The following sections describe each of these configurations and the roles of 
systems in each. 


4.1.1 Classical IP Environment 


The Classical IP environment, as described in RFC 1577, provides a 

basic means for carrying unicast IP traffic over ATM networks. In this 
environment, hosts that can communicate with each other are grouped into 
a Logical IP Subnetwork (LIS). An ATM network can contain multiple LISs. 
In aLlS, all hosts and routers have the following requirements: 


¢ Have thesame!P network/subnetwork number and mask. 
¢« Aredirectly connected tothe ATM network. 
e« Access members outside the LIS through a router. 


¢ For switched virtual circuits (SVCs), use Address Resolution Protocol 
(ARP) toresolve!P protocol addresses to ATM hardware addresses. F or 
SVCs and permanent virtual circuits (PVCs), use| nverse ARP to resolve 
ATM hardware addresses to|P protocol addresses. 


¢ Can communicate with all other members in the same LIS (mesh 
topology). 


Figure 4-1 shows an ATM network with two LISs. Host A and Host B are 
members of LIS 1; Host C, Host D, and Host E are members of LIS 2. The 
figure also shows a virtual circuit (VC) between Host A and the router and 
between Host E and the router. Although these hosts are connected to the 
same switch and might establish a VC for communications between each 
other, they cannot because all communications toa member of another LIS 
must go through a router. 
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Figure 4-1: Classical IP over an ATM Network 
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4.1.2 LAN Emulation Environment 


TheLAN Emulation (LANE) environment, as defined by the ATM Forum, 
groups hosts into an entity called an emulated LAN (ELAN). A LANE 
environment has the following characteristics: 


¢ Identifies hosts through their 48-bit media access control (MAC) 
addresses 


¢ Supports multicast and broadcast services either through 
point-to-multipoint connections or through a multicast server, unlike the 
Classical |P environment 


¢ Supports any protocol that uses an IEEE broadcast LAN 


In addition, LANE interfaces (elan) are supported by NetRAIN. See nr(7) 
for more information. 


Figure 4-2 shows an ATM network with two emulated LANs. Host A and 
Host B are LAN Emulation Clients (LECs) on ELAN 1. Host C, Host D, and 
Host E areLECs on ELAN 2. The LECS (LAN Emulation Configuration 
Server), the LES (LAN Emulation Server), and the BUS (Broadcast and 
Utility Server) are depicted as two separate systems, although these server 
functions are typically resident on an ATM switch. 
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Figure 4-2: Emulated LAN over an ATM Network 
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4.1.3 IP Switching 


Note 


IP switching support is provided for backward compatibility only; 
it will be retired in a future release. Do not use it to develop 
new applications. 


ThelP switching environment consists of one or more hosts connected to an 
IP switch. Each host is connected to the IP switch through a point-to-point 
physical connection, with each physical connection as a separate subnet. 
Communication between the host and the IP switch occurs over dynamically 
created PVCs. 


ThelP switch is atypical ATM switch with added IP controller software 
that performs IP routing and IP traffic classification functions. In this 
environment, a series of packets moving from one host to another with 
the same protocol type, type of service, and other characteristics indicated 
in the packet header is called a flow. When the IP controller identifies 

a flow that is of long duration, it instructs the ATM switch to make the 
appropriate hardware connections and to forward the ATM cells directly to 
the destination, bypassing the IP controller. This increases throughput at 
the switch and throughout the network. 


The operating system's IP switching implementation is based on the | psilon 
Networks, Inc. reference model and has the following characteristics: 


¢ Supports IP traffic only 
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Supports multicast and broadcast services 
Does not require systems to function as ARP servers or multicast servers 


Uses the | psilon Flow Management Protocol (IF MP) to exchange control 
information with the IP switch 


Does not require that ATM Forum signaling (options UNI3X) be 
configured on the system 


Requires fewer configuration steps than Classical |P and LAN emulation 


IP switching over ATM has the following restrictions: 


Only one IP switching interface (ips) per host is supported. 


If using a driver for IP switching, you may not use other ATM protocols 
on that driver. 


The tcpdump and packet filter utilities are not Supported on an 
ips interface. 


Figure 4-3 shows a simple ATM network with an IP switch, IP switch 
gateway, some hosts, and a legacy LAN network. Host A (16.1.1.5), Host B 
(16.1.1.2), and the IP switch gateway (16.1.1.10) are on separate subnets 
(16.1.1.4/30, 16.1.1.0/30, and 16.1.1.8/30). The |P switch gateway runs a 
routing protocol and advertises routes to other subnets to hosts on the 
legacy LAN. 


Figure 4-3: IP Switching over an ATM Network 
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For the IP switching subnetworks, the recommended network mask length 
is 30 bits. This allows for two bits for each host address, one bit for the 
subnetwork address, and one bit for the broadcast address. Using large 
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netmasks helps to conserve IP address space on subnetworks that have 
a few hosts attached. 


4.2 Planning ATM 


This section describes the tasks you need to complete before configuring 
the ATM software. 


4.2.1 Verifying That the ATM Subsets Are Installed 
Verify that theATM subsets areinstalled by entering the following command: 


# setld -i | grep ATM 
If all of the subsets are not installed, install them by using the set1d 
command. For more information on installing subsets, see set 1d(8), the 
Installation Guide, or the System Administration manual. 

Note 


You do not have to install the OSFATMBINOBJECT subset. 


4.2.2 Configuring ATM into the Kernel 


After you install the ATM subsets, verify that the ATM support you require 
is in the kernel by issuing the following commana: 

# sysconfig -q atm 

If atm: is not displayed, login as superuser and complete the following steps: 
1. Build anew kernel by issuing the doconfig command. If you are 


unfamiliar with rebuilding the kernel, see the Systen Administration 
manual. 


2. When prompted, select one or more of the kernel options described in 
Table 4-1. 
Note 


If the ATM hardware is already installed, options ATMiS 
automatically selected as a mandatory option. 


3. Reboot your system with the new kernel by issuing the following 
command: 


# shutdown -r now 


This command immediately shuts down and automatically reboots the 
system. 
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Table 4-1: ATM Kernel Options 


Option Purpose 

options ATM For base ATM support (required) 

options UNI3X For ATM Forum signaling with either LANE or 
Classical | P 

options ATMILMI3X For ATM Forum Integrated Layer Management 
Interface (ILMI) support 

options ATMIP For Classical |P services 

options LANE For ATM ForumLAN Emulation (LANE) 

options ATMIFMP For IP switching 


4.2.3. Preparing for the Configuration 


After verifying that ATM support is in the kernel, you can configure ATM. 
To configure ATM, you need to configure an ATM adapter and one or more 
of the following interfaces: 


¢« A Classical IP logical interface 
e ALAN Emulation logical interface 
e« An IP switching logical interface 


The type of information you need depends on the environment you want to 
set up and use. 


4.2.3.1. Adapter Information 
Figure 4-4 shows the ATM Setup Worksheet. The following sections explain 


the information you need to record on this worksheet. If you are viewing this 
manual on line, you can use the print feature to print a copy of the worksheet. 
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Figure 4-4: ATM Setup Worksheet 


Adapter name: 


ROM ESls: 
More ESIls: 
Network layer: SONET [-] SDH [_] 
Flow control: Yes | No | 
ILMI: Yes | No | 
Signaling: Yes | No [ 
VC accounting: Yes | No | 
UNI version: 3.00] 3.10] 


Adapter name 


The device names of the ATM network interfaces. For example, the 
1ta network interface. 


ROM ESIs 


The ROM end system identifier (ESI) addresses of the adapter that you 
want to register with the system and the local switch. If you want to 
register all of the adapter’s ROM ESI addresses, leave this blank. 


Depending on the number of address prefixes assigned by the switch, 
you can create one or more ATM addresses. The driver can control 
up to 64 ROM ESI addresses, though adapters generally have only a 
few ROM ESI addresses. 


More ESIs 


Additional ESI addresses that you want to register with the system 
and the local switch. An ESI address has twelve hexadecimal digits. 


Network layer 


If you want to enable Synchronous Optical Network (SONET), on the 
adapter, check SONET. If you want to enable Synchronous Digital 
Hierarchy (SDH) mode on an ATM adapter that supports both SONET 
and SDH physical interfaces, check SDH. 


Flow control 


If you want to enable vendor-specific flow control on the adapter, check 
Yes; otherwise, check No. The adapter must support this type of flow 
control. Compaq adapters and switches support F_LOWmaster vendor 
flow control. 
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ILMI 


If you want to enable the Integrated Layer Management I nterface 
([LMI) on the adapter, check Yes; otherwise, check No. You must enable 
ILMI when using Classical IP over switched virtual circuits (SVCs). 


Signaling 


If you want to enable signaling on the adapter, check Yes; otherwise, 
check No. You must enable signaling when using Classical |P over 
SVCs. 


VC accounting (signaling only) 
If you want to enable logging of virtual circuit (VC) releases, check 
Yes; otherwise, check No. 

UNI version (signaling only) 


The signaling version to use on the adapter. If you want to use 
User-Network Interface (UNI) Version 3.0, check 3.0. If you want to 
use UNI Version 3.1, check 3.1. The default is 3.0. 


4.2.3.2 Classical IP Information 


Figure 4-5 shows the ATM Classical IP Worksheet. The following sections 
explain the information you need to record on this worksheet. If you are 
viewing this manual on line, you can use the print feature to print a copy 
of the worksheet. 
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Figure 4—5: ATM Classical IP Worksheet 


ATM hosts file ATM address: Host name: Alias: 


LIS LIS number: 


ARP ARP: Client [_] Server 
ATM address: 
IP address: 
PVC VCI: 
VPI: 


Remote Classical IP: Yes [_] No[_] 
Remote IP address: 


ATM address 


The ATM addresses of the ATM ARP servers on your ATM network to 
add to the /etc/atmhosts file. 


Host name 


The names of ATM ARP servers on the ATM network to be added to 
the /etc/atmhosts file. 


Alias 


The aliases, if any, of ATM ARP servers to be added to the 
/etc/atmhosts file. 


LIS number 


A Logical IP Subnet (LIS) interface number. You can create multiple 
LIS interfaces on an ATM driver. 


ARP 


If you want your system to function as an ARP server, check Server; 
otherwise, check Client. 
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ATM address (ARP client only) 


TheATM address of the ATM ARP server, either a host name or alias 
that appears in the /etc/atmhosts file or a 40-digit ATM End System 
Address (AESA) with selector byte. The ARP server must also be on 
the ATM network. 


Note 
TheATM Forum now calls an NSAP-style address an AESA. 


IP address (ARP client only) 
ThelP address of the ATM ARP server machine. 


VCI (PVCs only) 
The virtual channel identifier (VCI) for the PVC. 


VPI (PVCs only) 
The virtual path identifier (VPI) for the PVC. 


Remote Classical IP (PVCs only) 


If the remote host supports Classical IP as defined in RFC 1577, check 
Yes; otherwise, check No. 


Remote IP address (PVCs only) 
If the remote host does not support Classical |P, enter the remote host’s 
IP address. 


4.2.3.3 LAN Emulation Information 


Figure 4-6 shows the ATM LAN Emulation Worksheet. The following 
sections explain the information you need to record on this worksheet. If you 
are viewing this manual on line, you can use the print feature to print a 
copy of the worksheet. 
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Figure 4-6: ATM LAN Emulation Worksheet 


ATM hosts file ATM address: Host name: Alias: 


LANE 
ELAN number: 


ELAN name: 


Mode: Default LECS Specific LECS [] LES [] 
LECS name: 
LES name: 

MTU size: 1516 4544 [|] 9234 18190 [_] 


ATM address 


TheATM addresses of the LAN Emulation Servers (LES) on your ATM 
network to add tothe /etc/atmhosts file. 


Host name 


The names of the LES on the ATM network to be added to the 
/etc/atmhosts file. 


Alias 

The aliases, if any, of the LES to be added tothe /etc/atmhosts file. 
ELAN number 

A LAN Emulation Client (LEC) interface unit number. 


ELAN name 


The name of the emulated LAN to join; this is optional. The emulated 
LAN name must already be configured on the ATM switch. If the 
name is not configured on the ATM switch, the LEC joins the default 
emulated LAN. 
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Mode 


If you want to contact the default LAN Emulation Configuration Server 
(LECS), check Default LECS. The LEC contacts the LECS by using 

an ILMI MIB request to obtain the LECS address. If the request is 
unsuccessful, the LEC uses the well-known address for the LECS. If 
you want to contact a specific LECS, check Specific LECS. In either 
case, the LEC contacts a LECS to obtain a LES address. 


If you want to contact the LAN Emulation Server (LES) directly, check 
LES. 


LECS name 


TheATM address of the LECS, either a host name or alias that appears 
in the /etc/atmhosts file or a 40-digit ATM AESA address with 
selector byte. If you want to contact a specific LECS, enter the LECS 
address; you can specify up to four. 


LES name 


The ATM address of the LES, either a host name or alias that appears 
in the /etc/atmhosts file or a 40-digit ATM AESA address with 
selector byte. If you want the LEC to godirectly tothe LES and bypass 
the configuration phase, enter the LES address. 


MTU size 


The maximum transmission unit (MTU) size. The following MTU sizes 
are supported: 1516, 4544, 9234, and 18190. When specified with a 
virtual LAN name, the emulated LAN must already be configured 

on the ATM switch to support the specified MTU size. If it is not 
configured for the specified MTU size, the request is ignored. 


4.2.3.4 IP Switching Information 


Figure 4-7 shows the ATM IP Switching Worksheet. The following sections 
explain the information you need to record on this worksheet. If you are 
viewing this manual on line, you can use the print feature to print a copy 
of the worksheet. 
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Figure 4—7: ATM IP Switching Worksheet 


ATM IP Switching Worksheet 


Hosts file Host name: Internet address: Alias: 


IP switching 

Adapter name: 
ips number: 
SNAP VCI: 


Routing: gated{[_] routed[_] _ static routes |_|] 


Static routes 
Destination: 
Gateway: 
Netmask: 


Host name 


The names of hosts on the subnetwork to be added tothe /etc/hosts 
file. 


Internet address 


The IP addresses of hosts on the subnetwork to be added to the 
/etc/hosts file. 


Alias 


The aliases, if any, of hosts on the subnetwork to be added to the 
/etc/hosts file. 


Adapter name 


The device names of the network interfaces. For example, the lta 
network interface. 
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ips number 
The IP switching (ips) interface number. If you are using multiple 
adapters, each adapter is assigned a separate interface number. 
SNAP VCI 


The Virtual Channel Identifier (VCI) number that | psilon Flow 
Management Protocol (IF MP) uses as the default Subnetwork 
Attachment Point (SNAP) VCI. The default VCI is 15. This number 
must match the VCI number that IF MP uses on the destination host or 
switch associated with the point-to-point interface. 


Routing 


The method you use to update your internal routing tables. If you use 
the gated daemon, check gated. If you use the routed daemon, check 
routed. If you use static routes, check static routes. 

Destination (static routes only) 


ThelP address of the destination subnetwork. 


Gateway (static routes only) 


ThelP address of the !P controller on the!P switch. 


Netmask (static routes only) 


The netmask for the destination subnetwork. 


4.3 Configuring ATM 


After you complete the required ATM planning and you install the 
appropriate ATM hardware, you can configure the ATM software. Use the 
ATM Configuration application of the Common Desktop Environment (CDE) 
Application Manager to configure ATM. You can configure the following: 


¢ ATM adapter 

¢ Classical IP 

« LAN Emulation 
e IP Switching 


To use the ATM Configuration application, invoke the SysMan Menu 
application as specified in Section 1.1.1, then see Section 4.3.1 for further 
instructions. 
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Optionally, you can use the atmsetup script that was available in previous 
releases by executing the atmsetup -old command. See the online help 
and atmsetup(8) for more information. 


4.3.1 Configuring an ATM Adapter 


Before you can configure ATM logical interfaces, you must configure an 
adapter. To configure an ATM adapter, do the following: 


1. Fromthe SysMan Menu, select Networking—Basic Network 
Services—Set up Asynchronous Transfer Mode (ATM) to display the 
ATM Configuration main window. 


Alternatively, enter the following command on a command line: 
# /usr/sbin/sysman atm 

Or, enter: 

# atmsetup 


The ATM Configuration main window displays the unconfigured 
adapters, configured adapters, and configured logical interfaces. 


Select an adapter from the Unconfigured Adapters field. 
Select Configure. The Configure/M odify Adapter dialog box is displayed. 


If you do not want to register all ROM Endpoint System Identifiers 
(ESIs) for the adapter, select Register ROM ESI. By default, all of the 
adapter’s ROM ESI addresses are registered. 


5. If you want to register additional ESIs (called soft ESIs) for the adapter, 
select Register Soft ESI. 


6. If you want to set transmit Constant Bit Rate (CBR) or pacing options 
for the adapter, select Set CBR/Pacing Options. The Set CBR/Pacing 
Options dialog box is displayed. When you are finished, select OK to 
close the dialog box and save the changes. 


7. Indicate the type of network physical layer you want the adapter to 
support: SONET or SDH. 


8. Indicate whether you want to enable flow control (F_LOWmaster) on 
the adapter. 


9. Indicate whether you want to enable Integrated Local Management 
Interface (ILMI) on the adapter. 


10. Indicate whether you want to enable signaling on the adapter. 


11. Indicate whether you want to enable the logging of all virtual circuit 
(VC) releases. 


12. Select a User-Network Interface (UNI) version. 
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13. Select OK to accept the configuration and close the Configure/M odify 
Adapter dialog box. You can now configure an ATM logical interface. 


You can also modify your adapter configuration. See the online help and 
atmsetup(8) for more information. 


4.3.2 Configuring Classical IP 


Before you configure Classical |P, you must configure an ATM adapter. 
Configuring Classical IP on your host consists of the following steps: 
Creating PVC mappings on your ATM switch (PVCs only). 

Adding servers the atmhosts file. 

Adding hosts to the hosts database. 

Running the ATM Configuration application. 

Configuring the Classical IP logical interface. 

Adding static routes (SVCs only). 


“Sou fF WN 


Verifying the PVC Configuration (PVCs only). 


The following sections describe these steps. 


4.3.2.1 Creating PVC Mappings on Your ATM Switch 


If you are going to use PVCs and your environment requires an ATM switch, 
you need to create PVC mappings on the switch. The method for creating 
these mappings depends on the type of ATM switch you use. See your ATM 
switch documentation for more information. 


4.3.2.2 Adding Servers to the atmhosts File 


You edit the /etc/atmhosts file to add the address of the ATM ARP server 
on your ATM network. The /etc/atmhosts file contains mappings of ATM 
host names to ATM hardware addresses. This file can also contain ATM 
ESIs and AESAs for specific services on the ATM network. Putting entries 
in this file enables you to specify the address or service by name instead of 
specifying a long hexadecimal string. 

Entries in the /etc/atmhosts file can be one of the following: 

« A comment, denoted by a pound sign (#) as the first character 


e« An address specification 


The address specification is similar to that of IP addresses in the 
/etc/hosts file, and has the following format: 


atm_addr hostname|[ alias... ] 
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The atm_addr parameter can consist of ESIs or AESAs. 


The following table lists the address type and the number of hexadecimal 
address digits required for each type: 


Address Type Number of Address Digits 

ESI Twelve hexadecimal digits 
AESA Thirty-eight hexadecimal digits 
AESA with selector byte Forty hexadecimal digits 


The hostname parameter can contain any printable character. 


The following example shows entries in the /etc/atmhosts file: 


08002b2fe740 myhost.esi |1 
47840£01020300002122313208002b2fe740 myhost 2 
47840£01020300002122313208002b2fe7403a myhost.ip [8 


1] Specifies an ESI to usein registering myhost with the switch. 


2] Specifies the AESA of myhost. This is the network prefix andthe ESI, 
and is the address that the network recognizes. 


3] Specifies the AESA with selector byte of a service on myhost for the 
operating system's implementation of RFC 1577, Classical |P and ARP 
ove ATM. 


Note 


By default, the atmhosts file contains an entry for PVCs. Do 
not delete or modify this entry. 


4.3.2.3 Adding Hosts to the hosts Database 


You add the IP addresses for all ATM hosts that will be on any Logical IP 
Subnet (LIS) to which the host will connect tothe hosts database. Make 
sure you have the IP addresses for the local host and the ATM ARP server. 
Depending on your environment, host names and addresses can bein the 
local /etc/hosts file or in one of the files distributed with DNS or NIS. 


You can enter these IP addresses in the /etc/hosts file either by editing 
the file itself or by running the SysMan Menu application of the CDE 
Application Manager. See Section 2.3.7 for more information. 
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4.3.2.4 Running the ATM Configuration Application 


To configure Classical |P on your system, do the following: 


1. 


10. 


From the SysMan Menu, select Networking—Basic Network 
ServicesSet up Asynchronous Transfer Mode (ATM) to display the 
ATM Configuration main window. 


Alternatively, enter the following command on a command line: 
# /usr/sbin/sysman atm 

Or, enter: 

# atmsetup 


The ATM Configuration main window displays the unconfigured 
adapters, configured adapters, and configured logical interfaces. 


Select Add. The Add Interfaces dialog box is displayed. 


Select Classical 1P. The Add Interfaces dialog box closes. The 
Add/M odify Classical IP Interface dialog box is displayed. 


Choose the adapter on which you want to add a Classical | P logical 
interface. 


If you do not want to use the default logical interface number, enter 
a different number. 


Indicate whether your system is to act as an ARP client or an ARP 
server. 


If the system is to be an ARP client, enter the ARP server’s ATM 
address or alias. Then, enter the ARP server’s|P address. 


If you are going to specify PVCs for the logical interface, select PVCs. 
The Add/M odify PVC dialog box is displayed. Do the following: 


Enter a virtual path identifier (VPI) for the virtual circuit. 
Enter a virtual channel identifier (VCI) for the virtual circuit. 


c. Indicate whether the remote host entity supports Classical IP as 
defined in RFC 1577. 


d. If the remote host does not support Classical IP, enter the remote 
host’s IP address. 


e. Select OK to accept the configuration and close the Add/M odify 
PVC dialog box. 


Select OK to close the Add/M odify Classical IP Interface dialog box. 


Select OK in the ATM Configuration main window to save the changes. 
If no ATM interface exists on the system, the Start ATM Now dialog box 
is displayed. If you want tostart ATM the ATM subsystem, select OK; 
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otherwise, select No. If you select No, you must reboot the system to 
start the ATM subsystem. 


If an ATM interface exists on the system, the Reboot Required dialog 
box is displayed. Select OK to acknowledge the message. You must 
reboot the system to start the ATM subsystem. 


You can also modify your adapter configuration. See the online help and 
atmsetup(8) for more information. 


4.3.2.5 Configuring the Classical IP Logical Interface 


After you run the ATM Configuration application and start the ATM 
components (either from within the application or by rebooting the system), 
you can configure the Classical IP (lis) interface. To configure the lis 
interface, see Section 2.3.1. 


4.3.2.6 Adding Static Routes (SVC only) 


Depending on your network topology and the number and configuration of 
logical IP subnetworks (LISs) in your network, you might need to add static 
routes to other hosts if you want a connection to a host that is on another 
LIS subnet. To add a static route to the routing tables, see Section 2.3.6. 


4.3.2.7 Verifying the PVC Configuration (PVCs only) 


After the PVC is configured, verify the configuration by issuing the 
atmarp -a command. Output similar to the following appears if the PVC is 


configured: 

# atmarp -a 

Number of entries : 1 

IP Address : atm66 (16.142.128.66) 

ATM Address : PVC 

Flags : Complete Permanent 

VCs.: vpi vei VC Type 
0 999 PVC 


4.3.3 Configuring LAN Emulation 


Configuring LAN emulation on your host consists of the following steps: 


1. Adding servers tothe atmhosts file. 
2. Adding hosts to the hosts database. 
3. Running the ATM Configuration application. 
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4. Configuring the LAN Emulation logical interfaces 


The following sections describe these steps. 


4.3.3.1 Adding Servers to the atmhosts File 


You edit the /etc/atmhosts file only if you want to specify a LAN 
Emulation Server (LES) address or LAN Emulation Configuration Server 
(LECS) addresses on your ATM network. The /etc/atmhosts file contains 
mappings of ATM host names to ATM hardware addresses. This file can also 
contain ATM ESIs and AESAs for specific services on the ATM network. 


See Section 4.3.2.2 for more information on editing the /etc/atmhosts file 


4.3.3.2 Adding Hosts to the hosts Database 


You add the IP addresses for all ATM hosts that will be on any emulated 
LAN (ELAN) to which the host will connect tothe hosts database. Make 
sure you have the IP addresses for the local host. Depending on your 
environment, host names and addresses can bein the local /etc/hosts file 
or in one of the files distributed with DNS or NIS. 


You can enter these IP addresses in the /etc/hosts file either by editing 
the file itself or by running the SysMan Menu application of the CDE 
Application Manager. See Section 2.3.7 for more information. 


4.3.3.3. Running the ATM Configuration Application 
To configure LAN emulation on your system, do the following: 


1. Fromthe SysMan Menu, select Networking—>Basic Network 
Services—Set up Asynchronous Transfer Mode (ATM) to display the 
ATM Configuration main window. 


Alternatively, enter the following command on a command line: 
# /usr/sbin/sysman atm 

Or, enter: 

# atmsetup 


The ATM Configuration main window displays the unconfigured 
adapters, configured adapters, and configured logical interfaces. 


Select Add. The Add Interfaces dialog box is displayed. 


Select LAN Emulation. The Add Interfaces dialog box closes. The 
Add/Modify LAN Emulation I nterface dialog box is displayed. 


4. Choosethe adapter on which you want to add a LAN Emulation logical 
interface. 
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5. If you do not want to use the default logical interface number, enter 
a different number. 


6. If you want to join a specific emulated LAN, enter the name of the 
emulated LAN you want to join. 


7. Choose the mode by which your system will be registered into the 
emulated LAN. If you choose to contact a specific LAN Emulation 
Configuration Server (LECS) (the second choice), also enter the LECS 
name or alias. If you choose to contact a LAN Emulation Server (LES) 
directly (the third choice), also enter the LES name or alias. 


8. If you want to specify an MTU size other than the default 1516, choose 
another MTU size. 


9. Select OK toclose the Add/Modify LAN Emulation | nterface dialog box. 


10. Select OK inthe ATM Configuration main window to save the changes. 
If no ATM interface exists on the system, the Start ATM Now dialog box 
is displayed. If you want to start ATM the ATM subsystem, select OK; 
otherwise, select No. If you select No, you must reboot the system to 
start the ATM subsystem. 


If an ATM interface exists on the system, the Reboot Required dialog 
box is displayed. Select OK to acknowledge the message. You must 
reboot the system to start the ATM subsystem. 


Note 


You can join an ELAN on an ATM switch only once for each 
adapter; do not join the same ELAN multiple times from the same 
adapter. If you want to join the same ELAN on the same switch, 
you must install another adapter and join the ELAN fromit. 


You can also modify your adapter configuration. See the online help and 
atmsetup(8) for more information. 


4.3.3.4 Configuring the LAN Emulation Logical Interfaces 


After you run ATM Configuration and start the ATM components (either 
from within the application or by rebooting the system), you configure the 
LAN Emulation (elan) interface. To configure the elan interface, see 
Section 2.3.1. 


4.3.4 Configuring IP Switching 


Configuring !P switching on your host consists of the following steps: 


1. AddingIP addresses to the hosts file 
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2. RunningtheATM Configuration application to create the |P Switching 
logical interface 


3. Configuring the IP Switching logical interface 
4. Adding routes to the routing table 


The following sections describe these steps. 


4.3.4.1. Adding IP Addresses to the hosts File 


You edit the /etc/hosts file to add the IP addresses for each IP switching 
subnetwork to which the host will connect. For each subnet, add a pair of IP 
addresses for each end of the point-to-point link (host side and IP controller 
side), the IP address of the subnet, and the broadcast address of the subnet. 
For example, an /etc/hosts file for the configuration in Figure 4-3 is as 
follows: 


# IP Switching subnet A 
16.1.1.4 networka-net 


16.7405.0.25 hosta.corp.com hosta atm5 
16.41 2026 ipsctrlhosta.corp.com ipsctrlhosta atm6 
161. died networka-broadcast 

# IP Switching subnet B 

16:5:1 1.0 networkb-net 

16.1.1.1 ipsctrlhostb.corp.com ipsctrlhostb atml1 
16..1..1.2 hostb.corp.com hostb atm2 
163 desl 3 networkb-broadcast 


# IP Switching subnet C 

16..1...1.:8 networkc-net 

16 Aeaek9 ipsctrlhostc.corp.com ipsctrlhostc atm9 
16.1.1.10 ipgwy.corp.com ipgwy atm10 
16.1.1.11 networkc-broadcast 


You can enter these IP addresses in the /etc/hosts file either by editing 
the file itself or by running the SysMan Menu application of the CDE 
Application Manager. See Section 2.3.7 for more information. 


4.3.4.2 Running the ATM Configuration Application 
Do the following to configure|P switching on your system: 


1. Fromthe SysMan Menu, select Networking—Basic Network 
Services—+Set up Asynchronous Transfer Mode (ATM) to display the 
ATM Configuration main window. 


Alternatively, enter the following command on a command line: 
# /usr/sbin/sysman atm 
Or, enter: 


# atmsetup 
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The ATM Configuration main window displays the unconfigured 
adapters, configured adapters, and configured logical interfaces. 


Select Add. The Add Interfaces dialog box is displayed. 


Select IP Switching. The Add Interfaces dialog box closes. The 
Add/M odify IP Switching Interface dialog box is displayed. 

Choose the adapter on which you want to add an IP Switching logical 
interface. 


If you do not want to use the default logical interface number, enter 
a different number. 


If you want to change the virtual channel identifier (VCI) information 
from the default, select Options. The Modify IP Switching Options 
dialog box is displayed. Do the following: 


a. Enter a SNAP VCI value, if other than 15 (the default). 


Note 


This SNAP VCI number must match the VCI number 
that IF MP uses on the switch associated with the 
point-to-point interface. 


b. Enter a range of VCls to use for transmitting and receiving 
connections. 


c. Select OK to save the changes and close the Modify IP Switching 
Options dialog box. 


Select OK to close the Add/M odify IP Switching Interface dialog box. 


Select OK in the ATM Configuration main window to save the changes. 
If no ATM interface exists on the system, the Start ATM Now dialog box 
is displayed. If you want tostart ATM the ATM subsystem, select OK; 
otherwise, select No. If you select No, you must reboot the system to 
start the ATM subsystem. 


If an ATM interface already exists on the system, the Reboot Required 
dialog box is displayed. Select OK to acknowledge the message. You 
must reboot the system to start the ATM subsystem. 


You can also modify your adapter configuration. See the online help and 
atmsetup(8) for more information. 
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4.3.4.3 Configuring the IP Switching Logical Interfaces 


After you run ATM Configuration and start the ATM components (either 
from within the application or by rebooting the system), you configure the IP 
Switching (ips) interface. To configure the ips interface, see Section 2.3.1. 


4.3.4.4 Adding Routes 


Depending on your network topology and the number of interfaces on your 
host, you might need to add routes to other hosts if your system has multiple 
interfaces and the default route is to another gateway on another network. 
Do either of the following: 


Run either gated or routed to automatically update your system’s 
routing tables. 


Add a static route to the routing tables for the destination network. 
Select Networking—Configuration—Static Routes from the SysMan 
Menu. This opens the Static Routes File dialog box. You need to specify 
the IP address of the destination subnetwork and address of the IP 
controller on the IP switch. For example, if you were configuring IP 
switching on Host A in Figure 4-3 and you wanted to route all traffic on 
all 16.1.1 networks through the IP switch, you would specify 16.1.1/24 
as the destination address in Classless I nter-Domain Routing (CI DR) 
format and 16.1.1.6 as the gateway address. 


Add entries for each additional network with which your system needs to 
communicate. See Section 2.3.6 for more information. 


4.4 Managing the ATM Environment 


Managing the ATM environment consists of managing the following 
components: 


ATM networking and displaying information about ATM networks 
The signaling module 

The Classical |P environment 

The LAN Emulation environment 

IP switching 

ATM subsystem messages 


The following sections describe how to manage these components. 
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4.4.1. ATM Networking and Displaying Information About ATM 
Networks 


To manage ATM networking and to display information about the ATM 
networks, you use the atmconfig command. The command controls only 
the base ATM modules and device drivers; it does not control specific 
convergence modules or signaling protocols. You can use the atmconfig 
command to do the following: 


e Enable and disable device drivers 

¢« Create and destroy PVCs 

¢ Destroy SVCs 

¢« Create and destroy ESIs 

¢ Display the currently active VCs and driver status 
¢ Process configuration batch files 


See atmconfig(8) for more information. 


4.4.2 The Signaling Module 
To manage ATM UNI signaling on the end system, you use the atmsig 
command. The atmsig command allows you to: 
¢ Display state information about the signaling module 
¢ Disable and enable the ILMI and signaling 


e« Read and modify the various timer values and statistics for Q.SAAL 
and Q.93B (2931) 


The signaling module is associated with a specified interface at all times, 
which is identified by the driver name. If the interface is disabled, the 
signaling module is also disabled. The signaling module must be enabled 
again when the interface is brought back on line. 


See atmsig(8) for more information. 


4.4.3 The Classical IP Environment 
To manage Classical |P on an end system, you use the atmarp command. 
The atmarp command allows you to: 
¢« Create a logical IP subnet (LIS) interface 
¢ Create and delete entries in the ATM ARP table 
¢ Display entries in the ATM ARP table 
¢ Toggle the permanent flag for entries 
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Display the local host’s ATM configuration status 


Create and remove an association between an established VC anda 
remote IP entity that does not support Classical | P 


See atmarp(8) for more information. 


4.4.4 The LAN Emulation Environment 


Managing the LAN emulation environment consists of the following tasks: 
¢ Managing LAN Emulation Clients (LECs) 


Displaying the LAN Emulation Address Resolution Protocol (LE-ARP) 
table 


The following sections describe these tasks. 
4.4.4.1 Managing LAN Emulation Clients 


To manage LAN Emulation Clients (LECs), you use the atmelan command 
The atmelan command allows you to: 


Create and configure LAN Emulation Clients (LEC) as network 
interfaces 


Display counters, parameters, and the state of each LEC 


See atmelan(8) for more information. 
4.4.4.2 Displaying the LE-ARP Table 


To display the LE-ARP table for each elan interface, you use the learp 


command. The command displays the address mappings for the emulated 
LAN. Each entry consists of the Media Access Control (MAC) address, state, 
ATM address, and flags. See learp(8) for more information. 


4.4.5 IP Switching 


To manage IP switching on an end system, you use the atmifmp command. 
The atmifmp command allows you to: 


e« Enable and disable|P switching 
Display IP switching configuration 
Display or clear IP switching statistics 
Display IP switching flow information 


See atmifmp(8) for more information. 
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4.4.6 ATM Subsystem Messages 


The ATM subsystem logs status and error messages in the 
/var/adm/syslog.dated/date/kern.1log file. You can view the contents 
of this message file by using the Event Viewer that is part of the SysMan 
Menu utility. See Section 16.10 for moreinformation about the E vent Viewer. 


By default, the ATM subsystem logs subsystem initialization messages, 
important state changes, and significant error conditions. To increase the 
message level displayed by all ATM subsystem components, enter the 
following: 

# sysconfig -r atm global msg level=2 


You can also increase the message for individual subsystem components. F or 
example, if you want to increase the message level for LANE to view session 
initialization information, enter the following: 


# sysconfig -r lane lane msg level=2 


See sys_attrs_atm(5) for more information. 
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Dynamic Host Configuration Protocol 


Dynamic Host Configuration Protocol (DHCP) enables you to centralize and 
automate |P address administration. Using a graphical application, you 
can configure several computers at once, ensuring that configurations are 
consistent and accurate. Even portable computers can be automatically 
configured each time they attach to the network. 


This chapter describes: 
¢ TheDHCP implementation on Tru64 UNIX systems 


¢ How toconfigurea DHCP server by using the xjoin and SysMan Menu 
utilities 

¢ How toconfigurea DHCP server tosupport BOOTP clients 

¢ How to manage DHCP client addressing 


The implementation of DHCP in Tru64 UNIX is based on J OIN® Server 
Version 4.1 from J OIN Systems, Inc. For additional information about 
DHCP, see the DHCP(7) reference page and the] OIN Server Administrator’s 
Guide. The latter is provided by J OIN Systems in HTML format, and it can 
be accessed by opening the following file with a web browser: 


/usr/doc/join/TOC.html 


For troubleshooting information, see Section 15.6. 


Note 


Starting with Tru64 UNIX Version 4.0F, DHCP database files 
were stored in a new format that is incompatible with older 
formats. An online document explains the reasons behind this 
change, lists the files that are affected, and provides instructions 
for converting the files to the new format. The document, 
README -DB237, and conversion utility, conv185-237, arelocated 
in the /etc/join directory. 
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5.1 DHCP Environment 


In the DHCP environment, systems can have the following roles: 


e« Server — A system that offers DHCP and BOOTP services to other 
systems on the network. Multiple servers can exist on a subnetwork, but 
each server’s IP address range cannot overlap. If a cluster member is to 
support a DHCP server, there can be only one DHCP server for all of the 
cluster members using a common database with failover. 


¢ Client — A system that requests configuration information froma DHCP 
server. A cluster member must never be a DHCP client. Use static 
addressing for cluster members. 


Figure 5-1 shows a sample corporate LAN, named acme-net, in which a 
DHCP server is configured to supply IP addresses to clients in three different 
functional areas. In this configuration, the router must be configured to 
forward BOOTP packets. DHCP packets are BOOTP packets with DHCP 
extensions. See the bprelay(8) reference page for more information. 


Figure 5-1: DHCP Configuration (acme-net) 
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5.1.1 DHCP Parameter Assignment 


In the DHCP environment, DHCP parameters can be assigned to the 
following named entities: 
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¢« Groups — Group parameters apply to all clients (nodes) on the network 
that share the same configuration values. By grouping these clients 
together, you can simplify the implementation and maintenance of your 
network configuration. You define a parameter once for a group instead 
of once for each individual node. After the group parameters are defined, 
you can use the settings for other subnetwork or node configurations. 


You can group nodes by logical area, by functional area, by physical area, 
or in any way you want. Groups can also be grouped together with other 
groups, subnetworks, and nodes. 


¢ Subnetworks — Subnetwork parameters apply to all clients (nodes) on a 
subnetwork. A subnetwork can also be considered a group, but a group 
that also shares a common subnetwork address. Subnetworks can be 
grouped together with other subnetworks and nodes. 


« Nodes — Node parameters apply to an individual client (node) in the 
network, and typically override subnetwork or group parameters. 


These entities and their parameters have a hierarchical relationship to each 
other in your network. For example, Figure 5-1 shows a small business 
network named acme-net, comprising two subnetworks and three distinct 
groups, Accounting, Sales, and Engineering. A DHCP administrator might 
look at this network as one group named acme-net, consisting of two 
subnetworks, floor1 and floor2, that contain the individual nodes. 


The acme-net group, at the top level of the hierarchy, specifies those 
parameters that apply to all systems in the network. At the next level, the 
floor1 subnetwork specifies those parameters that apply to all nodes on that 
subnetwork and the floor2 subnetwork specifies those parameters that apply 
to all nodes on that subnetwork. If it were necessary to assign parameters 
on a group basis, the administrator could have the floor1 subnetwork consist 
of the Accounting and Sales groups, with the individual nodes assigned 

to their respective groups. However, since these groups are on the same 
subnetwork, this is probably unnecessary. 


If Figure 5-1 showed a single LAN with no subnetworks (no router), a DHCP 
administrator might look at this network as one group named acme-net, 
consisting of three groups (Accounting, Sales, and Engineering) that contain 
the individual nodes, respectively. 


Groups can also be used to define a group of settings for one Ethernet or 
subnetwork number, allowing you to reuse the settings for other nodes or 
subnetwork configurations. 


5.1.2 DHCP and Security 


You can restrict client access tothe DHCP server by creating a Media Access 
Control (MAC) address database. Only those clients with addresses in the 
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database are allowed to receive an IP address. See Section 5.8 for more 
information. 


5.2 Planning DHCP 


This section describes those tasks you need to do before configuring DHCP. 


5.2.1 Verifying Installation of the DHCP Software 
For a DHCP server system, verify that the DHCP server is installed by 
entering the following command: 


# setld -i | grep OSFINET 


If the subset is not installed, install it by using the set 1d command. For 
more information on installing subsets, see the set 1d(8) reference page, the 
Installation Guide, or the System Administration manual. 


For DHCP client systems, the DHCP client software is installed with the 
mandatory subsets. 


5.2.2 Preparing for the Configuration 
After you verify that the DHCP software is installed, you can configure 
DHCP by using the xjoin utility to: 
¢ Specify server parameters 
¢ Specify basic DHCP parameters for groups, subnetworks, and nodes 
The information you need depends on how you define the DHCP 


environment. The following sections contain worksheets that you can use to 
record the information required to configure DHCP. 


5.2.2.1 Server/Security Parameters 


Figure 5-2 shows the DHCP Server/Security Parameters Worksheet. If 
you are viewing this manual online, you can use the print feature to print 
this worksheet. The following sections explain the information you need 
to record on the worksheet. 
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Figure 5-2: DHCP Server/Security Parameters Worksheet 
DHCP Server/Security Parameters Worksheet 


BOOTP address from pool: True False [_] 
BOOTP compatibility: True False [_] 
Default lease time: —_ 
Name service: /etc/hosts DNS NISL] 
Ping timeout: — 
Provisional time to live: 
Restrict to MAC address: True False 


IP ranges 
Subnetwork address: 
DHCP server: 
IP ranges: 


Host name lists 
Domain name: __ SSS 
DHCP server: 
Host name prefix: _ 


Host names: 


BOOTP address from pool 


If you want the DHCP server to allocate an address from the pool to 
BOOTP clients, check True. The address allocation is permanent. If 
you want the DHCP server to support BOOTP clients whose address 
is configured in the /etc/bootptab file (the usual method), check 
False; this is the default. 


BOOTP compatibility 


If you want the server to act as a BOOTP Server in addition toa DHCP 
server when a client requests a BOOTP address, check True. For no 
BOOTP client support, check False. If you want to configure a BOOTP 
server only, see Section 5.10. 


Default lease time 


The default time (in days, hours, minutes, and seconds) of a client’s 
DHCP lease, unless one is explicitly configured for the node, 
subnetwork, or group. 
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Name service 


The name service to be used by the server. A name service must 

be configured for the DHCP server. The name service is used to 
authenticate, route, address, and perform naming-related functions for 
other systems on the network. The following types of name services 
can be used by the server: 


« A Local Name Service updates the /etc/hosts file with 
information about dynamically assigned names and addresses. 


« The Domain Name System (DNS) automatically translates host 
names to their numeric |P address. 


¢ TheNetwork Information Service (NIS) allows you to distribute 
host name information in a network. 


Ping timeout 


The time (in milliseconds) for the ping timeout. The ping command is 
used to determine if a client on your network is available. When the 
ping program sends a request to the client, the client responds tothe 
request and includes its |P address in the response. The Ping timeout 
parameter is used to check that no other client is using an IP address 


prior to it being assigned by the server. After the timeout, the ping 
command stops checking. 


Provisional time to live 


The maximum time (in hours, minutes, and seconds) that an |P address 
remains on the provisionally allocated list before it can be allocated to 
another client. This prevents an 1P address from being reused too 
quickly after a lease has expired. 


Restrict to known MAC address 


If you want toassign an IP address toa client’s matching MAC address, 
check True; otherwise, check False. See Section 5.8 for additional 
information on restricting client access to the server. 


IP ranges are those IP addresses available for assignment to clients on 
the network. Although multiple DHCP servers can reside on the same 
subnetwork, the IP address ranges administered by each server must not 
overlap. For IP ranges, supply the following information: 


Subnetwork address 


Subnetworks are logical subdivisions of a single TCP/IP network. 
The subnetwork IP number identifies one segment of the network. 
As the number of networks grows, routing |P addresses can get very 
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complicated. Using subnetworks allows more flexibility when assigning 
network addresses and simplifies the administration of network 
numbers. The IP address consists of the following information: 


¢ Network address 
¢ Subnetwork address 
¢ Host address 


TheIP address is divided into four fields, each separated by a period. 
Each field represents an element of the address; for example, the 
following is a typical IP address: 


128.174.139.47 


In this example, 128.174 is the network address, 139 is the 
subnetwork address, and 47 is the host address; therefore, the full 
subnetwork address is 128.174.139.0. 


DHCP server 
The IP address of the DHCP server. 


IP ranges 


The group of unique IP addresses to be assigned to clients on the 
selected subnetwork. Using the previous subnetwork address as an 
example, if there are 25 clients on the subnetwork, the range of | P 
addresses is: 128.174.139.47 t0128.174.139.72. 


A subnetwork address can have more than one corresponding | P 
Address Range. 


The DHCP server can configure clients on more than one subnetwork 
as long as the routers between the server and the client forward 
BOOTP packets. See Section 5.2.2.2 and the bprelay(8) reference page 
for information about boot file and BOOTP parameters. 


A host name list contains the names that are assigned clients when they 
are also assigned an IP address. For host name lists, supply the following 
information: 


Domain name 


A domain represents computers that are grouped together for 
administrative reasons. Domain names are usually assigned toa 
company, and make administering the domain easy. For example, if 
a domain is changed to have access to a new service on the network, 
each computer that is part of the domain automatically has access 
to the new service. 
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Write down the domain name exactly as it was assigned by the NIC 
Domain Registrar, and include its top-level domain extension; for 
example, school .edu, company.com, and city.gov. 


DHCP server 
The IP address of the DHCP server. 


Host name prefix 


A specific host name prefix that is assigned to a system when the 
system requests a host name and there are no host names available for 
assignment. For example, in the company.com domain, if the names 
in the Host name list box are all assigned and the host name prefix is 
net12host, the next computers to request host names will receive 
net12hosti1, net12host2, and soon as their host names. 


Host names 


The host names to be assigned to systems that request them. 


5.2.2.2 Information for Basic DHCP Parameters 


Figure 5-3 shows the Basic DHCP Parameters Worksheet. If you are 
viewing this manual online, you can use the print feature to print this 
worksheet. The following sections explain the information you need to 
record on the worksheet. 
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Figure 5-3: Basic DHCP Parameters Worksheet 


Basic DHCP Parameters Worksheet 


Configuration type: Node[_] Subnet [_] Group [] 
Configuration name: 
Member of group: 
Group members: 
Net or subnetwork IP address: 
Hardware address: 
Hardware type: 
| BOOTP Parameters | Parameters 
Boot file: 
Boot file server address: 
Boot file size: 
DNS domain name: 
DNS server IP addresses: 


Home directory: 
Host IP address: 
Routers: 


Send client's host name: True[_] False (_] 
Subnetwork mask: 
TFTP root directory: 
Broadcast address: 


Subnetworks are local: True[_] False 
Supply masks: True[_] False 


DHCP rebinding time: 
DHCP renewal time: 
Lease time: 


Configuration type 


For node configuration, check Node. For subnetwork configuration, 
check Subnet. For group configuration, check Group. 


Configuration name 


The name of the node, group, or subnetwork. 


Member of group 


For node, subnetwork, and group configurations, the name of 
a configuration from which to inherit DHCP parameter values. 
Parameters defined for that group also apply to this configuration. 
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Group members 
For group configuration, the nodes, subnetworks, and groups that 
compose this group. 

Net or subnetwork IP address 


For subnetwork configuration, the |P address of the subnetwork. 
The IP address format is ddd.ddd.ddd.ddd. For example, if your 
subnetwork is 16.128, enter 16.128.0.0; you must indude the 
trailing zeros. 


Hardware address 


For node configuration, the Ethernet address of the client node. 


Hardware type 
For node configuration, a descriptive name to identify the system. 
For node, subnetwork, and group configuration, BOOTP parameters allow 


you to specify how to pass configuration information to hosts on the network. 
For BOOTP parameters, supply the following information: 


Boot file 
The fully qualified path name of the client’s default boot image. 


Boot file server address 


The IP address of the server that stores the boot file. The!P address 
format is ddd. ddd. ddd. ddd. 


Boot file size 


The length, in 512-octet blocks, of the default boot image for the client. 
The file length is specified as a decimal number. 


DNS domain name 


The domain name the client uses when resolving host names using 
the Domain Name System. 


DNS server IP addresses 


A list of IP addresses of DNS name servers available to the client, in 
order of preference. The address format is ddd. ddd. ddd. ddd. 
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Home directory 


The pathname for the boot file, if it is not specified in the boot file name. 


Host IP address 
The host IP address for BOOTP clients. The address format is 
ddd. ddd.ddd. ddd. 

Routers 
A list of IP addresses for routers. The address format is 
ddd. ddd.ddd. ddd. 

Send client’s host name 
If you want to send the client’s host name, check True. If you do not 
want to send the client’s host name, check False. 

Subnetwork mask 


The client’s subnetwork mask. A subnetwork mask allows the addition 
of subnetwork numbers to an address, and provides for more complex 
address assignments. If both the subnetwork mask and the router 
option are specified ina DHCP reply, the subnetwork mask option must 
be specified first. The subnetwork mask format is ddd. ddd. ddd. ddd. 


TFTP root directory 
The root directory for Trivial File Transfer Protocol (TFTP). 


For subnetwork and group configuration, |P layer parameters affect 
the operation of the |P layer on a per-host basis. The required IP layer 
parameters are as follows: 


Broadcast address 
The broadcast address in use on the client’s subnetwork. The address 
format is ddd. ddd. ddd. ddd. 

Subnetworks are local 


If all subnetworks of the IP network to which the client is connected use 
the same maximum transfer unit (MTU) as the subnetwork to which 
the client is directly connected, check True; otherwise, check False. It 
is recommended for the client to assume that some subnetworks of the 
directly connected network have smaller MTUs. 
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Supply masks 


If the dient responds to subnetwork mask requests using |CMP, check 
True; otherwise, check False. 


For a list of additional parameters and a description of each, see the} OIN 
Server Administrator’s Guide (/usr/doc/join/TOC.html). 


For node, group, and subnetwork configuration, lease parameters allow 
you to specify information about IP lease times. Lease times determine 
the length of time an IP address is used. For the lease parameters, supply 
the following information: 


DHCP rebinding time 
The time interval (in seconds) from address assignment until the client 
requests a new lease from any server on the network. 
DHCP renewal time 
The time interval (in seconds) from address assignment until the client 
attempts to extend the duration of its lease with the original server. 
Lease time 


The amount of time (in months, days, hours, minutes, and seconds) 
the DHCP server will allow a DHCP client to use an IP address; 
for example, 2 months 5 days 45 minutes. The actual lease time is 
negotiated between the client and server. 


5.3 Configuring a DHCP Server 


Use the xjoin application to configure a DHCP server. To start the 
application, enter the following command: 


# /usr/bin/X11/xjoin 

You can configure the following server information: 
¢ Server/Security parameters 

¢« IP ranges 

¢ Host names 

e Subnetworks 

¢ DHCP client nodes 

¢« Groups 


To update the server so that the new configuration takes effect, click on 
the Add/U pdate button in the lower right-hand side of the window. To 
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exit the application, select File and Exit from the menu bar. See the 
xjoin(8) reference page and the} OIN Server Administrator’s Guide 
(/usr/doc/join/TOC.htm1) for more information. 


5.3.1 Configuring Server/Security Parameters 
To configure the Server/Security parameters, do the following: 


Click on the Server/Security tab in the xjoin main window. 

Select the Server item from the left side of the window. 

Select Server/Security parameters from the pull-down menu. 

Select a server parameter. 

Select True or False, or enter a value. 

Repeat steps 4 and 5 for all server parameters you want to configure. 


Click on the Add/U pdate button to update the server with the new 
Server/Security parameters. 
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5.3.2 Configuring IP Ranges 
To configure IP ranges, do the following: 


Click on the Server/Security tab in the xjoin main window. 
Select the Server item from the left side of the window. 
Select |P Ranges from the pull-down menu. 

Select the New IP Range item. 


Enter the subnetwork address, server address, and |P range. For each 
IP range, do the following: 


i ca ed 


a. Enter the beginning of the |P Address Range for the subnetwork 
(network, subnetwork, and host address). 


b. Press the Tab key to move to the next field. 
c. Enter the end of the IP Address Range. 


Repeat steps 4 and 5 for each new IP range. 
7. Click on the Add/Update button to update the server with new !P ranges. 


5.3.3 Configuring Host Name Lists 


You configure host name lists only if the Accept Client Name server 
parameter is set to False. If the Accept Client Name server parameter is set 
to True, the server automatically accepts the name a client suggests for 
itself; do not configure host name lists. 
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To configure a host name list, do the following: 


OE ON TS 


Click on the Server/Security tab in the xjoin main window. 
Select the Server item from the left side of the window. 
Select Hostname Lists from the pull-down menu. 

Select the New Hostname List item. 


Enter the domain name, DHCP server name, host name prefix, and 
host names for each host name list. 


Repeat steps 4 and 5 for each host name. 


Click on the Add/U pdate button to update the server with new host 
name lists. 


5.3.4 Configuring a Subnetwork 


To configure a subnetwork, do the following: 


1. 
2. 
3. 


Click on the Subnets tab in the xjoin main window. 
Select the New Record item from the left side of the window. 


Select the Name parameter. Enter the name of the subnetwork 
configuration, for example, Subnet3. 


Select the Member of Group parameter. Enter the name of the group of 
which the subnetwork will be a member. 


Select the Net or Subnet |P Address parameter. Enter the Net or Subnet 
IP address that identifies the subnetwork portion of the network. 


Select the Broadcast Address parameter. Enter the broadcast address 
for this subnetwork. 


Enter information for basic DHCP parameters in the appropriate 
fields. See Section 5.2.2 and the} OIN Server Administrator’s Guide 
(/usr/doc/join/TOC.htm1) for descriptions of these parameters. 


Note that you do not haveto change each parameter valuein the Subnets 
tab; only those that describe your particular network configuration. 


Click on the Add/Update button to update the server with new 
subnetwork configuration information. 


Edit the /etc/join/netmasks file and add an entry for each 
subnetwork in your network. The format of each entry is as follows: 


subne_address subnet_mask 


5.3.5 Configuring a DHCP Client Node 


To configure a node, do the following: 
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Note 


A cluster member must never be a DHCP client. Use static 
addressing for cluster members.. 


Click on the Nodes tab in the xjoin main window. 
Select the New Record item from the left side of the window. 


Select the Name parameter. Enter the name of the node configuration; 
for example, Clients. 


4. Select the Hardware Type parameter. Enter the type of network to 
which the node is connected; for example, Token Ring, Ether3, Pronet, 
Arcnet, or 0. 


5. Select the Hardware Address/Client 1D parameter. Enter the hardware 
address or the client |D of the node. If the Hardware Type defined in 
the previous step is zero, enter the Client 1D (an alphanumeric string 
that you define). 


If you are using the hardware address (MAC address) of the node, enter 
it in the format nn:nninn:nn:nninn (for instance, 08:00:26:75:31:81). 
The hardware address is assigned when a workstation is manufactured, 
and is often displayed when the workstation is turned on or rebooted. 
The hardware address is also called the Ethernet address. 


6. Select the Member of Group parameter. Enter the name of the group of 
which the node will be a member. 


7. Enter information for basic DHCP parameters. See Section 5.2.2 and 
the] OIN Server Administrator’s Guide (/usr/doc/join/TOC.htm1) 
for descriptions of these parameters. 


Note that you do not have to change each parameter value in the Nodes 
tab, only those that describe your particular network configuration. 


8. Click on the Add/Update button to update the server with new node 
configuration information. 


Depending on the DHCP client, the MAC address field is not always the 
actual MAC address of the client’s network adapter. The following Microsoft 
clients are known to modify the MAC address before sending it to the server: 


e Windows 95 
e« Windows NT 
e Windows for Workgroups with Microsoft TCP/IP 


These clients prefix the MAC address with the hardware type. The MAC 
address type is 0 and the length is 7 (instead of 6). For example, if your 
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Ethernet address is 11:22:33:44:55:66, you must Specify the following 
for static |P mapping: 


¢ MAC address: 01:11:22:33:44:55:66 
e MAC type: 0 
* MAC length: 7 


If you do not specify the MAC address in this manner, the client will fail to 
collect an IP address from the DHCP server. 


See the documentation for your Microsoft product for more information. 


5.3.6 Setting Group Parameters 
To define a group, do the following: 


1. Click on the Groups tab in the xjoin main window. 
2. Select the New Record item from the left side of the window. 


Select the Name parameter. Enter the name of the group configuration; 
for example, Global. 


4. Select the Member of Group parameter. If appropriate, enter the name 
of the group of which that the new group will be a member. 


5. Select the Group Members parameter. Enter the names of subnetworks, 
nodes, or other groups that will be members of the group. Press the 
Tab key between entries. 


6. Enter information for basic DHCP parameters. See Section 5.2.2 and 
the] OIN Server Administrator’s Guide (/usr/doc/join/TOC.htm1) 
for descriptions of these parameters. 


Note that you do not have to change each parameter value in the Groups 
tab, only those that describe your particular network configuration. 


7. Click on the Add/Update button to update the server with new group 
configuration information. 


5.4 Starting the DHCP Server (joind) 


After you install the OSFINET optional subset, run the installation script, 
and configure the server, use the SysMan Menu application of the Common 
Desktop Environment (CDE) Application Manager to start the DHCP 
server and implement the new configuration. To invoke the SysMan Menu 
application, follow the instructions in Chapter 1. 
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To start the DHCP server, do the following: 


1. FromtheSysMan Menu, select Networking>Additional Network 
Services—Set up the system as a DHCP Server (joind) to display the 
DHCP Server Daemon dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman joind 

The utility asks if you want this system to bea DHCP server. 
Select the Yes radio button to enable the joind daemon. 


Set the debugging level. The default is 0 for no debugging information. 
Higher numbers produce more detailed debugging information. 


Set the Log Level by selecting the appropriate radio button. 


5. Select OK to save the changes and enable the joind daemon. You are 
informed that the daemon is running. 


6. Select OK todismiss the message and close the DHCP Server Daemon 
dialog box. 


The DHCP Server Daemon dialog box also allows you to disable and stop 
the joind daemon. See the SysMan Menu online help for additional 
information. 


Caution 


Do not use the kill —9 command to stop the DHCP server 
daemon; it can corrupt your database files. Use the Configuring 
DHCP Server Daemon dialog box or the kil1 —HUP command 
instead. 


See the joind(8) reference page for more information about the joind 
daemon. 


5.5 Starting the DHCP Client 


When you use the SysMan Menu application to configure the basic network 
connections on the client system, you must specify an Internet address 
source. If you specify DHCP server and restart the network, the DHCP 
client daemon starts and uses DHCP to obtain IP configuration information. 
From then on, the DHCP client automatically starts each time the client 
computer boots. 
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5.6 Monitoring DHCP Client Configuration 


After the initial DHCP server configuration, you can check the status of a 
DHCP client by examining the contents of the /var/join/1log file or by 
doing the following: 
1. Login as root tothe DHCP server host. 
2. Invokethe xjoin application by entering the following command: 

# /usr/bin/X11/xjoin 
3. Click on the Server/Security tab in the xj oin main window. 


Select Active |P Snapshot from the pull-down menu. The Active IP 
Snapshot window is displayed, listing each configured DHCP client. 


5. Click on arecord on the left side of the window to display all current 
configuration information for the client. 


You can also use the xjoin application to modify client configuration 
information, permanently map a hardware address to an 1P address, import 
a file into the active |P database, and remove records from this window. See 
the xjoin(8) reference page and the} OIN Server Administrator’s Guide 
(/usr/doc/join/TOC.htm1) for more information. 


5.7 Mapping Client IP Addresses Permanently 


Typically, a client is assigned the first available |P address from the pool of 
IP addresses. However, you might want to permanently assign an|P address 
toa client’s hardware address or Media Access Control (MAC) address. The 
|P address mapped to a hardware address does not need to come from the 
|P addresses you have already defined. To permanently map an IP address 
toa client’s hardware address, do the following: 
1. Login as root tothe DHCP server. 
2. Invokethe xjoin application by entering the following command: 

# /usr/bin/X11/xjoin 
3. Click on the Server/Security tab in the xjoin main window. 


Select Active |P Snapshot from the pull-down menu. The Active IP 
Snapshot window is displayed. 


5. Select the New Record item. 


Enter a value for each parameter. Press the Return or Tab key after 
each entry. Specify the integer —1 for Lease Expiration to ensure that 
the IP address assignment is preserved in the DHCP database (it will 
never expire). 


7. Click on the Add/Update button to add the new record to the database. 
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8. Repeat steps 5, 6, and 7 for each MAC address you want to permanently 
map. 


5.8 Restricting Access to the DHCP Server 


You restrict client access to the DHCP server only if you set the Restrict to 
Known MAC Address server parameter to True. (See Section 5.2.2.1.) If 
you set the Restrict to Known MAC Address server parameter to True, you 
must create a list of MAC addresses that can access and accept IP address 
assignments from the DHCP server. If you set the server parameter to F alse, 
do not create a list of MAC addresses. 


To create a list of MAC addresses that can access the DHCP server, do the 
following: 
1. Click on the Server/Security tab in the xjoin main window. 


2. Select Preload MAC Addresses from the pull-down menu. The Preload 
MAC Addresses window is displayed. 


Select the New Record item. 
Enter a value for each parameter. Press the Return key after each entry. 
Click on the Add/U pdate button to add the new record to the database. 


Repeat steps 3, 4, and 5 for each MAC address that you want to access 
the DHCP server. 


aun Pw 


Alternatively, you can import a file into the MAC address database by using 
the jdbmod command. See the j dbmod(8) reference page for information 
on the imported file format. 


To remove records from the MAC address database, select a MAC address 
from the left side of the window and click on the Delete button. 


5.9 Configuring a BOOTP Client 
To register a client to use BOOTP only, do the following: 


1. Login as root. 

2. Invokethe xjoin application by entering the following command: 
# /usr/bin/X11/xjoin 

3. Click on the Nodes tab in the xjoin main window. 


4. Enter BOOTP client information, including the boot file name, host 
IP address, subnetwork mask, and any other required information. 
The basic BOOTP parameters are grouped together below the K ey 
parameters in the middle column. To display additional parameters, 


Dynamic Host Configuration Protocol 5-19 


click on the Basic DHCP Parameters pull-down menu and select DHCP 
Parameters. 


5. Click on the File/Update button to update the server with the BOOTP 
client information. 


5.10 Disabling DHCP Address Assignment 


In some cases, you might want to disable DHCP address assignment and use 
the BOOTP and DHCP server daemon (/usr/sbin/joind) to respond to 
BOOTP requests only. To disable all DHCP address assignment features in 
the DHCP and BOOTP server, do not specify an |P address range for any 
subnetwork (this is the default). If no|P address ranges are defined, the 
server never sends a DHCP reply in response toa DHCP client request. 


If DHCP address assignment is disabled, DHCP clients that have previously 
registered with this server continue to operate until their leases timeout; the 
server will fail to renew the client lease. 
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Point-to-Point Connections 


The Tru64 UNIX system supports point-to-point connections using the Serial 
Linelnternet Protocol (SLIP) and the Point-to-Point Protocol (PPP). 


This chapter describes: 

¢ TheSLIP and PPP environments 

« How toconfigure SLIP and PPP dial-in and dial-out systems 
¢« How toconfigure a modem for use with the operating system 


For troubleshooting information, see Section 15.15 for SLIP and 
Section 15.16 for PPP. 


6.1 Serial Line Internet Protocol (SLIP) 


The Serial Line | nternet Protocol (SLIP) is a protocol used to run IP over 
serial lines between two hosts. You can connect the two hosts either directly 
or over telephone circuits using modems. TCP/IP commands (such as 
rlogin, ftp, and ping) can berun over the SLIP connection. 


6.1.1 SLIP Environment 


In the SLIP environment, systems can be directly connected to each other, if 
they are in close proximity, or connected through modems and a telephone 
network, if they are not. Figure 6-1 shows both of these simple SLIP 
configurations. Figure 6-2 shows a SLIP connection between two systems 
with host B acting as a gateway system. 
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Figure 6-1: Sample Simple SLIP Configuration 
1.2.3.3 1.2.3.4 


ae Null modem cable 


1.2.3.5 
Full-function modem cable 1.2.3.6 


Modem 


ZK-1177U-Al 


Figure 6-2: SLIP Configuration with Gateway System 


A 1.2.3.11 


1.2.3.12 Netmask 
255.255.255.0 


1.2.3.14 


ZK-1178U-Al 


6.1.2 Planning SLIP 


This section describes those tasks you must complete before configuring 
SLIP. 
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6.1.2.1 Verifying the Hardware 


When you verify the hardware, you need to verify both the cables and 
modems, if used. 


Make sure you use the correct cable to connect tothe serial port of your 
system. If you do not, you might experience signal degradation and the 
software will fail to function properly. 


If the two systems are in close proximity to each other, use one of the null 
modem cables listed in Table 6-1. 


Table 6—1: Types of Null Modem Cable 


Cable Number Description 

BC22D-xx4 Asynchronous null modem cable (male DB25 pin 
to female DB25 pin cable) 

BC22R-xx? RS-232 null modem cable (male DB25 pin to 
female DB25 pin cable) 

BC24C-xx4 25-wire null modem cable (male DB25 pin to 
female DB25 pin cable) 

BC29Q-xx4 Male DB9 pin to female DB9 pin cable 


9 xx denotes the cablelength. For example, BC29Q-10 is a ten-foot cable. 


If the two systems are connected through modems and telephone lines, see 
Table 6-7 for a list of modem cables to use. 


When using modems with SLIP, adhere to the following guidelines: 


« Usemodems that can handlea serial port speed of 38,400 bits per second 
(bps). If the modems you plan to use cannot handle a serial port speed of 
38,400 bps, set them to the highest speed to which they can be set. 


e« Use modems that are V.34bis compliant with V.42bis compression. 
Alternatively, you can use modems that support the Microcom Network 
Protocol (MNP) because both V.42bis and MNP implement a subset of 
the other protocol. 


¢« Set the modems to 8 bits, no parity, and connect them to the telephone 
network. 


e« Use hardware flow control, if possible. High-speed modems often fall 
back toa lower data rate when line degradation occurs. 
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Note 


Do not use software flow control (XON/XOFF). It will corrupt 
the data stream causing the TCP layer over IP to issue 
retransmit requests for overruns. 


6.1.2.2 Preparing for the Configuration 


After you verify the communication hardware, you can set up the system 
to run SLIP. 


Figure 6-3 shows the SLIP Setup Worksheet, which you can usetorecord the 
information that you need to configure SLIP. The following sections explain 
the information you need to record on this worksheet. If you are viewing this 
manual online, you can use the print feature to print the worksheet. 


Figure 6-3: SLIP Setup Worksheet 


Type of connection: Hardwired [_] Modem 
Type of system: Dial-in ["] Dial-out 

Local IP address: 
Network mask: 
Destination IP address: 
Terminal name: 
Speed: 

SLIP login information: 


Dialout systems 
startslip subcommands: 


Dialin systems 
slhosts file options: 
Gateway: Yes [-] No 


Type of connection 


Check Hardwired if the two systems are connected by a null modem 
cable, such as BC22D-xx. Check Modem if the two systems are 
connected by modem cables, modems, and a telephone network. 


Type of system 


Check dial-in if the system is to answer calls from remote systems. 
Check dial-out if the system is to place calls toa remote system. 
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Local IP address 
Your system’s SLIP interface |P address. Each SLIP interface must 
have an IP address. For more information on SLIP, see the Technical 
Overview and starts1lip(8). 
Network mask 
Your network’s subnetwork mask. This must be the same for both 
systems. See Section 2.2 for more information on the network mask. 
Destination IP address 


The destination system’s SLIP interface |P address. 


Terminal name 


The name of a valid terminal device in the /dev directory that 

has a cable connection. This can be either the full path name (for 
example, /dev/tty00) or the namein the /dev directory (for example, 
tty0o). For more information on the terminal line specification, see 
startslip(8). If you are unsure of the terminal device, see port(7). 


Speed 


The serial port speed used to connect the systems to each other or 
a system and the modem. The default speed is 9600 bps. For more 
information on the speed, see starts1lip(8). 


SLIP login information 


The login information for the SLIP connection. This includes user 
name, password, and login sequence; for example, the login prompt 
used on dial-out connections. 


startslip subcommands 


For dial-out systems, Table 6-2 shows the mandatory startslip 
subcommands that you specify when you create a setup script file. 
Table 6-3 shows the optional startslip subcommands. 


Table 6-2: Mandatory startslip Subcommands 


Subcommand Information Required 

myip Your system’s IP address. 

dstip The destination system’s | P address. 
netmask The network mask for the subnetwork. 
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Table 6-2: Mandatory startslip Subcommands (cont.) 


Subcommand 


Information Required 


hardwired 


modemtype 


opentty 
dial 


expect 


send 


connslip 


None. Specifies that the two systems are 
connected by a null modem cable. 


The type of modem used, unless you have 
a direct connection. 


The serial line and line speed. 
The telephone number to dial. 


The information that you expect to receive on the 
serial line; for example, login sequences. 


The information that you want to send 
on the serial line. 


Configures the network interface and attaches the 
serial line to the network interface. 


Table 6-3: Optional startslip Subcommands 


Subcommand 


Description 


debug 


gateway 


icmpsup 


tcpauto 


tcpcomp 


Generates debugging messages tothe log file specified. 


Specifies that the destination system is a gateway 
to another system on a LAN. 


Suppresses Internet Control Message Protocol 
(ICMP) traffic. ICMP traffic (such as that 
generated by the ping command) cannot be 
sent over the SLIP connection. This frees line 
bandwidth for more critical traffic. 


Specifies that the local system compress TCP 
headers when it detects that the remote system 
is compressing them. This option can be useful 
if you do not know whether the remote system 
is doing TCP header compression. 


Note: If the tcpauto option is enabled on both 
systems, TCP header compression does not 
occur. One of the two systems must explicitly 
enable TCP header compression. 


Compresses TCP headers before they are sent over 

the SLIP connection. Compressing the TCP header 

allows for faster data transfers. The remote system 
must support this option to decompress the headers 
when they arrive at the remote end. 


See starts1ip(8) for a complete list of the startslip subcommands. 
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slhosts file options 
For dial-in systems, Table 6-4 shows a list of options for each SLIP link 
specified in the /etc/slhosts file. 


Table 6-4: slhosts File Options 
Option Description 


debug Generates debugging messages to the 
daemon. log file. 


icmpsup Suppresses Internet Control Message Protocol 
(ICMP) traffic. I1CMP traffic (such as that 
generated by the ping command) cannot be 
sent over the SLIP connection. This frees line 
bandwidth for more critical traffic. 


tcpauto Specifies that the local system compress TCP 
headers when it detects that the remote system is 
compressing them. This option can be useful if you 
do not know whether the remote system is doing 
TCP header compression. This is the default. 


tcpcomp Compresses TCP headers before they are sent over 
the SLIP connection. Compressing the TCP header 
allows for faster data transfers. The remote system 
must support this option to decompress the headers 
when they arrive at the remote end. Do not specify 
the tcpcomp and tcpauto options together. 


See slhosts(4) for more information. 


Gateway 


For dial-in systems, if your system is to act as a gateway for a dial-out 
system to access the LAN, check Yes; otherwise, check No. 


6.1.3 Configuring SLIP 


To configure SLIP, you must have verified the communications hardware 
and completed the configuration worksheet. 


A system in a SLIP environment can have one of the following roles: 
¢ Dial-in system 
¢ Dial-out system 


You edit system files and use the startslip program to configure both 
dial-in connections and dial-out connections. 
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6.1.3.1 Configuring a Dial-In System 


To configure a dial-in system, log in as root and complete the following steps: 


1. 


Set up your modem for dial-in access. See Section 6.3.2 for more 
information. 


Note 


Usea getty process for SLIP dial-in access. 


Edit the /etc/passwd file and create a dedicated entry for a SLIP user. 
For the login shell field, specify /usr/sbin/startslip. Thelogin 
name you specify here is used to find an entry in the /etc/slhosts 
file, for example: 


slipl:password:10:20:Remote SLIP User:/usr/users/guest:/usr/sbin/startslip 


Edit the /etc/slhosts file and create an entry for the login name 
using the information from the worksheet. An /etc/slhosts file entry 
has the following syntax: 


login_nameremote ip local_ip netmask option 


For example, if host D is the dial-in system in Figure 6-1, the entry is 
as follows: 


slipl 1.2.3.6 1.2.3.5 255.255.255.0 nodebug 
See slhosts(4) for more information. 


Edit the /etc/inittab file and create an entry for each terminal 
device that is to run SLIP. An /etc/inittab file entry has the 
following syntax: 


Identifier: Runlevel:Action: Command 

For example: 

modem:3:respawn:/usr/sbin/getty /dev/tty00 M38400 vt100 
See inittab(4) for more information. 

Issue the init gq command tostart the getty process immediately. 


If the dial-in system will be a gateway for the dial-out system to reach 
other systems on the LAN, the dial-in system must be configured as an 
IP router and must alsorun gated. See Chapter 2 for basic network 
setup information. 


If problems occur while using SLIP, see Section 15.15. 
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6.1.3.2 Configuring a Dial-Out System 


To configure a dial-out connection, log in as root and complete the following 


steps: 


1. Verify that thereis an entry for your modem name in the /etc/acucap 
file. If your modem does not have an entry in the /etc/acucap file, 


do the following: 


Copy an entry similar to that of your modem. 


Modify the modem attributes to match your modems attributes. 
Set up the modem for dial-out access by including the AT commands 
listed in Table 6-5 in the synchronization string (ss) of the entry. 
The other modem settings can remain as they are. 


Table 6—5: Modem Commands for Dial-Out Access 


Command Description 

até&el Normal Carrier Detect (CD) operation. Tells the 
modem to not raise Carrier Detect until it sees 
Carrier Detect from the other modem. 

at&d2 Normal Data Terminal Ready (DTR) operation. This 
tells the modem to hang up the line when DTR drops; 
for example, when the user logs off the system. 

atel Turns on echoing. 

atqo Displays the result codes. 

ats0=0 Does not answer the phone. 


In addition, include the debug option (db). With debugging turned 
on, the modem will provide you with additional information with 
which to tune the modem attributes in the file. See acucap(4) for 
more information. 


2. If you use the getty command to provide access to the system from a 
modem and a getty process is already running, do the following: 


a. 


Edit the /etc/inittab file and change the Action field of the 
modem entry from respawn to of f as follows: 


modem: 23:off:/usr/sbin/getty /dev/tty00 M38400 vt100 


See inittab(4) for more information. 


Issue the init gq command toterminate the getty process. 
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3. Createa file that contains startslip subcommands for SLIP dial-out 
connections by doing the following: 


a. Copy thesample script file from the startslip(8) reference page 
to a new script file. 


b. Usethe tip command to dial out and log in to the remote 
system, writing down the exact prompt and login sequence on the 
worksheet. 


c. Edit the script file, modify the expect subcommands with the 
prompt and login information, and modify other subcommands with 
information from the worksheet. 


Note 


The sample script file specifies the debug subcommand and 
a debug file name at the beginning of the file. 


See startslip(8) for more information. 


4. Invoke the startslip command with the-i filename option. 
The filename is the name of the file containing the startslip 
subcommands. 


After making the connection, startslip runs in the background. 
The telephone number (if any) and the process ID are logged in the 
/var/run/ttyxx .tel-pid file 


If problems occur while using SLIP, see Section 15.15. 


6.1.4 Terminating a SLIP Dial-Out Connection 
To terminate a SLIP dial-out connection, do the following: 
1. Determine the process 1D of the startslip process tokill by using the 
following command: 


# cat /var/run/ttyxx.tel-pid 
phonenum 8021455 pid 821 


In the previous command, ttyxx specifies the terminal line used for 
the SLIP connection. If multiple SLIP connections are active on your 
system, there will be multiple files in the /var/run directory. 


2. Kill the startslip process by using the following command and 
specifying the process |D that you found in step 1: 


# kill 821 
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Alternatively, you can turn off your modem to terminate the dial-out 
connection. 


6.2 Point-to-Point Protocol (PPP) 


The Point-to-Point Protocol (PPP) provides a standard way to transmit 
datagrams over a serial link and a standard way for the systems at either 
end of the link (peers) to negotiate various optional characteristics of the 
link. Using PPP, a serial link can be used to transmit Internet Protocol (IP) 
datagrams, allowing TCP/IP connections between the peers. 


The Tru64 UNIX PPP subsystem is derived from public domain ppp-2.3.1, 
and supports IP datagrams. See RFC 1661, RFC 1662, RFC 1332, and RFC 
1334 for more information about PPP. 


Establishing a PPP connection between two systems basically involves 
setting up a serial link and running pppd on both ends of the link. 


Systems in a PPP environment can have the following roles: 
¢ Dial-out system 
¢ Dial-in system 


6.2.1 PPP Environment 


Systems using PPP can be directly connected to each other if they arein 
close proximity, or connected through modems and a telephone network if 
they are not. Figure 6-4 shows two simple PPP configurations with PPP 
connections between two systems. 


Figure 6-4: Simple PPP Configurations 
1.2.3.3 1.2.3.4 


a Null modem cable 


1.2.3.5 


Full-function modem cable 1.2.3.6 
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Figure 6-5 shows two PPP connections. The first is between host A and host 
B, with host B acting as a gateway system. The second is between personal 
computer E and host D through terminal server C. The latter configuration 
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might be common for employees working at home and dialing in toa system 
at work. 


Figure 6—5: Network PPP Configuration 


1.2.3.11 


1.2.3.12 Netmask 
255.255.255.0 


Terminal 
1.2.3.14 Server 


Modem 


1.2.3.15 


ZK-1176U-Al 


6.2.1.1 Chat Scripts 


A chat script can be used to automate the dial-out process for a PPP 
connection. You can configure it to wait for output from a remote system and 
reply with responses that you specify. 


Each entry in a chat script has the following format: 
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string_chat_expects string_chat_sends 
For example, a chat script might contain the following information: 


"" atdt2135476 1 
CONNECT 2 
login: myname 3 
Password: "\qmypassword" 4 
"S " "\qpppd" [5 
"\qpppd" local addr:|6 


When this chat script is executed, the following steps are taken: 


1] Thechat program expects nothing and sends a dial command to the 
modem. 


2} The chat program expects a CONNECT message and sends a carriage 
return (implied). 


3] Thechat program expects the login: string and sends the myname 
string. 


4) Thechat program expects the Password: string and sends the 
mypassword String. The \q prevents chat from logging the password 
when you use the -v option. 


5] Thechat program expects the shell prompt ($) and sends pppd to start 
the pppd daemon on the remote machine. The \q cancels the effect 
of the previous \q. 


6] If you want the local address of the PPP link to differ from the | P 
address for the local host’s Ethernet or other broadcast interface, put 
the desired address on the pppd command line with a colon appended. 


You can create a unique chat script for each remote system to which you 
connect. Once the scripts are created, you establish a PPP connection toa 
given system by executing the appropriate script with the chat command, 
as follows: 


# chat /etc/ppp/chat-script 
See the chat(8) reference page for more information on the chat command 
and chat scripts. 


6.2.1.2 PPP Options 


When you invoke the pppd daemon, you can specify options for it on the 
command line. These options allow you to configure basic settings such as the 
speed of the connection, the local and remote IP addresses, and the netmask 
for the network interface. They also allow you to configure advanced settings 
such as the types of flow control, authentication, and routing to use. 
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If you use certain settings each time you initiate a PPP connection, you 
can automatically enable these settings for each connection by editing the 
following files: 


« /etc/ppp/options — This file contains system default options that 
are read before user default options and command line options. This 
file contains any options that you want pppd to use whenever it runs. 
If authentication is required, add the auth and usehostname options 
to this file. 


Note 


If the /etc/ppp/options file does not exist or is unreadable 
by pppd, the daemon will not run. Set the file permissions so 
that only root has write access. 


¢ /etc/ppp/options.tty.xx — This file contains options specific to 
the serial port /tty. xx. 


* SHOME/.pppre — This file contains the user default options that are 
read before command line options. 


Depending on your configuration, one options file might overrule another 
for certain parameters. For example, if you specify one set of values for 
parameters in the /etc/ppp/options file, then specify a different set of 
values for the same parameters in a /etc/ppp/options.tty.xx file, the 
settings in the latter file are used when you connect through the specified 
serial port. 


See pppd(8) for a list of the pppd options. See Section 6.2.3.2 for information 
about how to use the SysMan Menu utility to create options files. 


6.2.1.3 Authentication 
PPP provides three protocols for authenticating hosts and for authenticating 
your host system to others: 
e Password Authentication Protocol (PAP) 
¢« Challenge Handshake Authentication Protocol (CHAP) 


¢« Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) 
All protocols exchange secrets in order to complete the authentication 
process. PAP secrets are contained in the /etc/ppp/pap-secrets file; 


CHAP secrets are contained in the /etc/ppp/chap-secrets file. Set the 
file permissions on these files so that only root has read access. 


The /etc/ppp/pap-secrets and the /etc/ppp/chap-secrets files for 
PAP and CHAP have the following format: 
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client server secret ip address... 

* client — Nameof the machine to be authenticated 

* server — Name of the machine requiring the authentication 

* secret — Password or CHAP secret known by both client and server 


* IP address — Zeroor more|!P addresses that the client can use (this 
field is only used on the server) 


For example, if a LAN-connected host named work requires authentication, 
and a host named home connects to it and authenticates itself using CHAP, 
the /etc/ppp/chap-secrets file on each machine must contain an entry 
similar to the following: 


home work "an unguessable secret" home.my.domain 


Note 


The /etc/ppp directory contains files of secrets used for 
authentication, and must not bein a partition that is exported 
using NFS and accessible by other hosts. 


If authentication is required, the /etc/ppp/options file must contain 
the auth and usehostname options. 


Note, the MS-CHAP protocol exchange secrets are located in the 
/etc/ppp/chap-secrets file. The format for this protocol is as follows: 


username server secret 

* username — User name of the user to be authenticated 

* server — Nameof the machine requiring the authentication 

* secret — Password or CHAP secret known by both client and server 


6.2.2 Planning PPP 


This section describes the tasks you must complete before configuring PPP. 


6.2.2.1 Verifying the Hardware 


Verify that you have the hardware to connect to the serial port of your 
system. If the two systems are in close proximity to each other, use one of 
the null modem cables listed in Table 6-1. 


If the two systems are connected through modems and telephone lines, see 
Table 6-7 for a list of modem cables to use. The modems are set to 8 bit, no 
parity, and are connected to the telephone network. 
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6.2.2.2 Verifying PPP Support in the Kernel 


To verify that PPP is supported in the kernel, enter the following command: 


# sysconfig -s | grep ppp 
If PPP is not loaded and configured, do the following: 
Login as root. 


Rebuild the kernel by running the doconfig utility and selecting the 
Point-to-Point (PPP) option. 


3. Makea backup copy of the current /vmunix kernel file. 


Copy the newly-created /sys/HOSTNAME/vmunix kernel file to the 
/vmunix file. 


5. Reboot the system. 


6.2.2.3 Preparing for Configuration 


After you verify PPP support in the kernel, you can configure PPP. 


Figure 6-6 shows the PPP Setup Worksheet, which you can use torecord the 
information that you need to configure PPP. The following sections explain 
the information you need to record on this worksheet. If you are viewing this 
manual online, you can use the print feature to print the worksheet. 


Figure 6-6: PPP Setup Worksheet 
PPP Setup Worksheet 


Type of system: Dial-in [_] Dial-out 
Local IP address: 
Remote IP address: 
Network mask: 
Terminal name: 
Speed: 
Level of authentication: 
Type of authentication: [_] PAP [_] CHAP 
Options: 


Type of system 


Check dial-in if the system is to answer calls from remote systems. 
Check dial-out if the system is to place calls toa remote system. 
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Local IP address 


The local system's IP address. For systems connected to a local area 
network (LAN), this address is already assigned if you configured your 
network software; it is the |P address of the LAN interface. 


If you have a standalone system, you must assign it an |1P address. If 
you are using PPP tolink your system to a host that is connected to 
the Internet, assign the local system an address that is on the same 
subnetwork as the remote host. If the other host is not connected to the 
Internet, assign the local system any IP address. 


Remote IP address 


The remote system's IP address. 


Network mask 


Your network’s subnetwork mask. This must be the same for both 
systems. See Section 2.2 for more information on the network mask. 


Terminal name 


The name of any valid terminal device in the /dev directory. This can 
be either the full path name (for example, /dev/tty01) or the name 
in the /dev directory (for example, ttyo1). If you are unsure of the 
terminal device, see ports(7) for more information. 


Speed 


The speed of the modem (or null modem) used to connect the systems 
and the terminal line specification. If your modem automatically 
senses the line speed or if you are using a null modem cable between 
hosts, you can specify any speed up to the maximum supported by the 
hosts. This is usually 38400 bps. 


Level of authentication 


The level of authentication required. In general, if your system is 
connected toa LAN, it is best to require the remote host to authenticate 
itself and to restrict the remote host’s choice of |P address based on its 
identity. Otherwise, a remote host might impersonate another host 

on the local subnet. 


Note 


If you are configuring PPP for the first time, do not enable 
authentication until you can successfully establish a link. 
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Type of authentication 
If you are using PAP authentication, check PAP. If you are using CHAP 
authentication, check CHAP. 

Options 


Table 6-6 describes some advanced options that are commonly 
configured. You can use the SysMan Menu utility to configure these 
options, as described in Section 6.2.3.2. 


Table 6-6: slhosts File Options 


Option Description 

Async Character If the serial line is not completely 8-bit 
Conversion Map transparent, specify this option; asyncmap 
(asyncmap) 200a000 is appropriate if the serial link 


includes a telnet link. 


Maximum Receive Unit To improve performance for multiple | P 

(MRU) Negotiation connections, reduce the Maximum Receive Unit 
(MRU) on the local and remote system. It is 
best to set the MRU value to 296. 


Hardware Flow Enables hardware flow control on the serial 

Control(RTS/CTS) device. If the modem does not support hardware 
flow control, do not add this entry. See your 
modem documentation to verify this information. 


LCP Echo-Request Sends a Link Control Protocol (LCP) echo 

Interval (Icp-echo- request frame to the remote system every 60 

interval) seconds. This determines whether the link to 
the remote system is still active. 

Maximum LCP-Echo If the local system does not receive a response 

Requests (Icp-echo- from the remote system after five LCP echo 

failure) request frames, pppd considers the link dead 


and tears down the connection. 


Force peer to supply local Specifies that the remote system (ISP) is to 

IP address (noipdefault) provide the local system an IP address, unless 
an IP address is specified explicitly on the 
command line or in an options file. 


Enable debugging (debug) Enables debugging. All messages are sent to 
the file specified in the /etc/syslog. conf 
file. After your connection is working 
correctly, remove this entry. 


See pppd(8) for a complete list of pppd options. 
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6.2.3 Configuring a Dial-Out System with PPP 


If the system will place calls to a remote system, you must establish a 
dial-out connection, which requires you to perform the following tasks: 


Setting up initial communications 

Creating options files 

Setting up authentication 

Setting up message logging 

Initiating and monitoring the PPP connection 


The following sections discuss these configuration tasks, and Section 6.2.3.6 
describes additional steps you need to take if you are connecting toa 
Microsoft NT Remote Access Server (RAS). 


6.2.3.1 Setting Up Initial Communications for a Dial-Out System 


After you connect your modem to a serial port on your system, do the 
following: 


1. 


Verify that you can communicate with the modem: 


Edit the /etc/remote file and copy the kdebug entry. 


Modify the new entry, providing a system name, the terminal device 
name (tt yoo or ttyo1 depending on your system), the speed, and 
parity. See remot e(4) for more information. 


c. Usethe tip command to access the modem as follows: 


2 


% tip system name 
The system_name is stored in the /etc/remote file. 


d. If your modem is using the AT command language, enter the 
following command: 


AT |RETURN 
If the modem is not in quiet mode, it responds with an OK message. 


Contact the administrator of the remote system or your Internet Service 
Provider (ISP) and obtain the following information: 


¢« Your remote |P address and netmask, unless the remote system 
assigns the IP address dynamically 


¢« Characters that might need to be escaped 


e Instructions on how tologin and use the remote service 


This information is used to create a chat script, which automates 
the dial-out process. A chat script is a file that contains a list of 
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commands that the chat program uses to direct the modem. It contains 
the number to dial and the information to send to the remote system 
to start the pppd daemon. 


Note 


You can use the tip command to dial out and login tothe 
remote system to collect additional information about the 
process. Write down the exact prompt, login sequence, and 
pppd start-up sequence for usein the chat script. 


Create a chat script, as described in Section 6.2.1.1, to automate the 
dial-out process. 


6.2.3.2 Creating Options Files for a Dial-Out System 


Use the SysMan Menu of the Common Desktop Environment (CDE) 
Application Manager to create PPP options files. To invoke the SysMan 
Menu application, follow the instructions in Section 1.1.1. 


To create an options file for a dial-out system, do the following: 


1. 


4. 


From the SysMan Menu, select Networking—Additional Network 
Services—Serial Line Networking—Point-to-Point Protocol 
(PPP)—>Create option files to display the PPP Option Files dialog box. 


Alternatively, enter the following command on a command line: 

# /usr/bin/sysman ppp options 

Select a file from the list that is displayed and select Modify. Or, do the 

following to create a new options file: 

a. Select the New File... option to display the Create PPP Options 
File dialog box. 

b. Enter the new file name and select OK. 


The Modify PPP Options File dialog box is displayed. 


Select Dial-Out Options and select Configure to display the Dial-Out 
Options dialog box. Complete the fields using the information that you 
gathered on the PPP Setup Worksheet. 


If your system is standalone and you are connecting to the | nternet 
through the remote system, add a default route via the remote host. 
Under the System Routing Tables option, select the appropriate radio 
button. 


See pppd(8) for a complete list of pppd options. 
Select OK to close the Dial-Out Options dialog box. 
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7. 


Select Advanced PPP Options if you want to configure additional PPP 
options. Make the necessary changes, then select OK to close the 
associated dialog box. 


Select OK in the Modify PPP Options File dialog box to save the changes 
and to close the dialog box. 


Select Exit to close the PPP Option Files dialog box. 


You can use the SysMan Menu utility to copy, modify, and delete option files. 
See the online help for more information. 


6.2.3.3 Setting Up Authentication for a Dial-Out System 


6.2.3.3.1 


The chap-secrets and pap-secrets files contain entries that can be used 
for authentication purposes, as discussed in Section 6.2.1.3. The following 
sections describe how to create entries in these files. 


Creating Entries in the PAP Secrets File 


Use the SysMan Menu of the Common Desktop Environment (CDE) 
Application Manager to create entries in the pap-secrets file. To invoke 
the SysMan Menu application, follow the instructions in Section 1.1.1. 


To create entries in the pap-secrets file, follow these steps: 


1. 


4. 
5. 


From the SysMan Menu, select Networking—Additional Network 
Services—Serial Line Networking—Point-to-Point Protocol 
(PPP)—>Modify pap-secrets file to display the Modify pap-secrets File 
dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman pap 


Select Add to display the Add pap-secrets Entry dialog box. Supply 
the requested information. 


Select OK to save the current changes and close the dialog box. The 
Modify pap-secrets File dialog box displays the new entry. 


Repeat steps 2 and 3 as many times as necessary. 
Select Exit to close the M odify pap-secrets F ile dialog box. 


You can also use the SysMan Menu utility to modify or delete entries in the 
PAP secrets file. See the online help for more information. 
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6.2.3.3.2 Creating Entries in the CHAP Secrets File 


Use the SysMan Menu of the Common Desktop Environment (CDE) 
Application Manager to create entries in the chap-secrets file. To invoke 
the SysMan Menu application, follow the instructions in Section 1.1.1. 


To create entries in the chap-secrets file, follow these steps: 


1. 


4. 
5. 


From the SysMan Menu, select Networking—Additional Network 
Services—Serial Line Networking—Point-to-Point Protocol 
(PPP)—»Modify chap-secrets file to display the Modify chap-secrets File 
dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman chap 


Select Add to display the Add chap-secrets Entry dialog box. Supply 
the requested information. 


Select OK to save the current changes and close the dialog box. The 
Modify chap-secrets F ile dialog box displays the new entry. 


Repeat steps 2 and 3 as many times as necessary. 
Select Exit to close the M odify chap-secrets F ile dialog box. 


You can also use the SysMan Menu utility to modify or delete entries in the 
CHAP secrets file. See the online help for more information. 


6.2.3.4 Setting Up Message Logging 


To set up message logging, complete the following steps: 


1. 


Edit the /etc/syslog.conf file, as follows: 


Note 


Whitespace in the /etc/syslog.conf file must consist of 
tab characters. Spaces are not acceptable. See syslogd(8) 
for further information. 


a. Add thelocal2 facility (used by the pppd daemon and the chat 
program) to the line that specifies /dev/console as the message 
destination, as follows: 


kern.debug;1local2.notice /dev/console 


In this example, the notice severity level is specified. For more 
information about this severity level and logging system messages 
in general, see the Systen Administration guide. 
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b. Add the following entry to the file to create a ppp-1log file: 
local2.debug /etc/ppp/ppp- log 


c. Save the edits and close the file. 


Stop and restart the syslogd daemon by entering the following 
commands: 


# /sbin/init.d/syslog stop 
# /sbin/init.d/syslog start 


6.2.3.5 Initiating and Monitoring a PPP Connection 


Before initiating a PPP connection, note the following guidelines: 


Do not use the ifconfig command to configure the addresses of the 
ppp interface. The pppd daemon assigns addresses and identifies the 
interface as running. 


Whether you run pppd manually on the remote machine or use a script 
file on the local machine to run pppd on the remote machine, do not 
provide a device name to pppd; it uses the controlling tty by default. 


Once you have configured your system for a PPP dial-out connection, initiate 
the connection as follows: 


1. 


Invoke the pppd daemon on the local system to connect to the remote 
system. For example, the following command starts a link on ttyo1 
and specifies the connect option torun the chat program using the 
specified chat script file. 


% pppd /dev/tty01 38400 connect ‘chat -f£ /etc/ppp/chat-script’ 


Issue the following command to monitor the ppp-1og file and to 
determine whether the PPP connection is active: 


% tail -£ /etc/ppp/ppp-log 


If problems occur while using PPP, see Section 15.16. 


6.2.3.6 Connecting to a Microsoft NT Remote Access Server 


This section describes how to establish a dial-out connection from a Tru64 
UNIX system to a Microsoft NT Remote Access Server (RAS). 


You will need to supply the following information in the /etc/ppp/chap- 
secrets file: 


NT login name and password 
NT domain name 
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6.2.3.6.1 


For details on creating the /etc/ppp/chap-secrets file, refer to 
Section 6.2.3.3.2 and the pppd(8) reference page. 


Configuring an NT RAS Server 


To configure a Tru64 UNIX system to allow dial-out access toan NT RAS 
server, do the following: 


1. Login as root. 


2. Createan /etc/ppp/chap-secrets file. For example, if you are 
dialing into a server named money with a username of monopoly anda 
password of candlestick, create the chap-secrets file as follows: 


# 
# secret for logging into an NT RAS server 
# 


monopoly money candlestick 


3. Issuethe pppd command with the user and remote name arguments to 
select the secret for the server money. For example: 


# pppd tty00 38400 username monopoly remotename money 


If the RAS server you dial out to is not a standalone server or a domain 
controller, you might need to prepend your NT domain name to your 
username. To do this from the command line, enter a command similar to 
the following in which empire is the domain name: 


# pppd tty00 38400 user ‘’empire\\monopoly’ remotename money 


Note 


Single quotes are required in the previous example to escape the 
backslash characters. 


Alternatively, you can place this information in the /etc/ppp/chap- 
secrets file as follows: 


# 

# secret for logging into an NT RAS server 
# 

empire\\monopoly money candlestick 


You can also use the chat program to automate any dialog that is required 
to establish a dial-out connection. See Section 6.2.1.1 for information on 
using the chat program. 


During authentication, Microsoft Windows does not send its node name to the 
PPP peer. The peer must know beforehand the node name of the Microsoft 
Windows system to select the correct secret fromthe chap-secrets file. You 
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can do this by setting the remotename option of the pppd daemon. If this is 
not done, authentication might fail and the PPP link will be disconnected. 


6.2.3.6.2 Solving Microsoft CHAP Authentication Problems 


Microsoft CHAP (MS-CHAP) returns error codes if authentication fails. To 
log the error messages, invoke the pppd command with the debug option. 
The error code format is as follows: 


revd [CHAP Failure id=0x0 "E=NUM R=1"] 
Num is the error code that MS-CHAP returns. 


Possible error codes include: 


Error Code Explanation 


E=646 Your NT account has restricted 
login hours. At this time of day 
you may not log on. 


E=647 Your NT account has been disabled. 


E=648 Your NT account password has expired. 
(Note that pppd cannot negotiate 
a change of password.) 


E=649 You are not permitted to dial in. 


E=691 The RAS server could not validate your 
username. You supplied an incorrect 
password, or you need to prepend your 
domain name to your username. 


6.2.4 Configuring a Dial-In System with PPP 


If the system will answer calls from remote systems, you must establish a 
dial-in connection, which requires you to perform the following tasks: 


¢ Setting up initial communications 
¢ Creating options files 


The following sections discuss these configuration tasks. 
6.2.4.1 Setting Up Initial Communications for a Dial-In System 


To configure a dial-in system, complete the following steps after you connect 
your modem to a serial port: 


1. Set up your modem for dial-in access. See Section 6.3.2 for more 
information. 
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2. Edit the /etc/passwd file and create a dedicated entry for a PPP user. 
For the login shell field, specify /usr/sbin/startppp, which starts 
the pppd daemon for dial-in connections. F or example: 


ppp1:password:10:20:Remote PPP User: /usr/users/guest: /usr/sbin/startppp 

3. Edit the /etc/inittab file and create an entry for each terminal 
device that is to run PPP. For example: 
modem:3:respawn:/usr/sbin/getty /dev/tty00 M38400 vt100 
See inittab(4) for more information. 
Issue the init gq command toimmediately start the getty process. 


5. If the dial-in system will be a gateway for the dial-out system to reach 
other systems on the LAN, the dial-in system must be configured as an 
1P router and must run the gated daemon. Edit the /etc/gated.conf 
file and delete the nobroadcast option (if specified) in the rip 
statement. See Chapter 2 for basic network setup information and 
gated.conf(4) for gated options. 


6.2.4.2 Creating Options Files for a Dial-In System 


Use the SysMan Menu of the Common Desktop Environment (CDE) 
Application Manager to create PPP options files. To invoke the SysMan 
Menu application, follow the instructions in Section 1.1.1. 


To create an options file for a dial-in system, do the following: 


1. FromtheSysMan Menu, select Networking>Additional Network 
Services—Serial Line Networking—Point-to-Point Protocol 
(PPP)—>Create option files to display the PPP Option Files dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman ppp options 
2. Selecta file from the list that is displayed and select Modify. Or, do the 
following to create a new options file: 
a. Select the New File option to display the Create PPP Options File 
dialog box. 
b. Enter the new file name and select OK. 


The Modify PPP Options File dialog box is displayed. 


3. Select Dial-In Options and select Configure to display the Dial-In 
Options dialog box. Complete the input fields using the information 
that you gathered on the PPP Setup Worksheet. By default, an entry is 
automatically added to the Address Resolution Protocol (ARP) table. If 
you do not want an entry to be added, set the appropriate radio button 
to the On position. 
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Select OK to close the Dial-In Options dialog box. 


5. Select Advanced PPP Options if you want to configure additional PPP 
options. Make the necessary changes, then select OK to close the 
associated dialog box. 


6. Select OK in the Modify PPP Options File dialog box to save the changes 
and to close the dialog box. 


7. Select Exit to close the PPP Option Files dialog box. 


You can also use the SysMan Menu utility to copy, modify, and delete option 
files. See the online help for more information. 


6.2.5 Terminating PPP Connections 


To terminate the PPP link, send a TERM or INTR signal to one of the pppd 
daemons by issuing the following commana: 


# kill ‘cat /etc/ppp/pppxx.pid’* 


In the previous command, pppxx specifies the pppd used for the PPP 
connection. The pppd specified in the command notifies other related pppd 
daemons to terminate (clean up and exit). 


If pppd is connected to a hardware serial port connected to a modem, it will 
receive a HUP signal when the modem hangs up, which causes it to clean up 
and exit. This action depends on the driver and its current settings. 


6.3 Guidelines for Using Modems 


The operating system software enables you to use a variety of modems for 
point-to-point connections to systems that are not in close proximity to 
each other. These connections can be Serial Line | nternet Protocol (SLIP), 
Point-to-Point Protocol (PPP), and UNI X-to-UNIX Copy Program (UUCP) 
connections. In addition, these connections can be basic dial-out/dial-in 
connections; for example, you can log in to a remote system to perform 
remote system administration. 


This section presents general guidelines for using modems on Tru64 
UNIX systems for all types of connections. See Section 6.1.2.1 for 
specific information on SLIP and PPP connections and see Chapter 11 for 
information about UUCP connections. 


6.3.1 Using the Correct Modem Cables 


You must use the correct cable to connect a modem to the serial port. Use 
of an incorrect cable might result in signal loss and associated software 
errors. Table 6-7 lists the cables you can use to connect modems. The cable 
connector is either 25-pin or 9-pin, depending on the type of serial port on 
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your system. See the hardware documentation for your system if you are 
uncertain about the type of serial port. 


Note 


DECconnect cables do not provide a sufficient number of wires 
for full modem control; do not use them. 


Table 6-7: Types of Modem Cable 


Cable Number Description 

BC22E-xx@ 16-wire modem cable (male DB25 pin to female DB25 pin cable) 
BC22F-xx? 25-wire modem cable (male DB25 pin to female DB25 pin cable) 
BC29P-xx4 Male DB25 pin to female DB9 pin cable 


PC modem cable Male DB25 pin to female DB9 pin cable 


xx denotes the cable length. For example, BC22E-10 is a ten-foot cable. 


6.3.2 Configuring a System for Dial-In Access 


After you obtain the correct cable and connect your modem to it and the 
telephone network, do the following: 


1. 


Edit the /etc/remote file and create an entry similar to the kdebug 
entry. For example, if your modem is connected to the ttyO0 port and 
you will use a speed of 38,400 bps to access the modem, create an entry 
similar to the following: 


b38400:dv=/dev/tty00:br#38400:pa=none 


Note 


Some modems set their speed to the serial port rate. Be sure 
to access the modem using the same speed that you will 
specify to the getty or uugetty utility. Otherwise, you 
might not be able to log in because of the mismatch. 


Use the tip command to access the modem as follows: 


tip b38400 


The tip utility responds with a connected message. You can now 
communicate with the modem. 


If your modem uses the AT command set, a standard language for 
communication between terminals and modems, enter the following 
command to verify that the modem is ready and listening: 
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at |Return 


If the modem is not in quiet mode, it responds with an OK message. 
Configure the modem for dial-in access as specified in Section 6.3.2.1. 


5. Edit the /etc/inittab file and create an entry for the modem. If you 
want to use the modem line in nonshared mode, create an entry similar 
to the following: 
modem: 23:respawn:/usr/sbin/getty /dev/tty00 M38400 vt100 


If you want to use the modem line in shared mode (for dial-out and 
dial-in connections), usethe uugetty utility instead of the getty utility 
and create an entry similar to the following: 

modem: 23:respawn:/usr/lib/uucp/uugetty —-r -t 60 tty00 38400 


If you specify a speed greater than 9600 bps, you must edit the 
/etc/uugettydefs file and create an entry for the speed you want. 


With the uugetty utility, you can use the tip and cu utilities, but 
differences in file locking might prevent the use of third-party utilities. 


Note 


If you want to use the uugetty utility, you must install the 
UNIX-to-UNIX Copy Facility subset. 


6. Asroot, start the getty or uugetty process by entering the following 
command: 


init q 


The getty or uugetty process starts, then goes to sleep, waiting for 
someone to dial in to the system. 


6.3.2.1 Setting Up a Modem for Dial-In Access 


To configure your modem for dial-in access, you need to send various 
commands to the modem by using the AT command set. Table 6-8 lists the 
AT commands required. These command settings are generally the same 
as the default settings for most modems, but you can enter them again to 
verify that your modem is correctly configured. 
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Table 6-8: Modem Commands for Dial-In Access 
Command Description 
at&cl Normal Carrier Detect (CD) operation. Tells the 


modem not to raise Carrier Detect until it sees Carrier 
Detect from the other modem. 


at&d2 Normal Data Terminal Ready (DTR) operation. This tells 
the modem to hang up the line when DTR drops. For 
example, when the user logs off the system. 


atql Sets the modem to quiet mode. Result codes are 
not sent to the system. 


ated Echo off. This prevents the modem from echoing the 
login prompt issued by the getty process. 


atsO=n Specifies the number of rings to wait before answering. 
If n =O (zero), the modem will not answer. 


at&w0 Saves the current modem settings in NVRAM. Most 
modems contain user profiles where modem settings 
can be stored for future use. This command stores the 
settings in the default profile, o. 


You can enter these commands individually or as one command. For 
example: 


at&cl&d2qle0s0=né&éw0 |Return 


Enter the following command to verify the results (these characters are not 
displayed on the screen because you turned echo off with the eo command): 


atév |Return 


The active profile and stored profile O will reflect the values you entered. 
The active (or current) profile is lost when you turn the modem off, but the 
stored profile will preserve the modem settings for future use. 


In addition to the specified settings, configure the type of flow control to use 
for the connection between the computer and the modem. The operating 
system supports both hardware and software flow control. If your computer 
supports hardware flow control, set the modem and the serial line to use 
hardware flow control by using the appropriate commands. | f hardware flow 
control is not supported, use software flow control. See the manuals for your 
computer and your modem for more information. 
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6.3.3 Configuring Your System for Dial-Out Access 


After you obtain the correct cable and connect your modem to it and the 
telephone network, do the following: 


1. Verify that there is an entry for the modem specified with the 
modemtype subcommand in the /etc/acucap file. If an entry does 
not exist, do the following: 


a. Copy anentry similar to that of your modem. The following entry is 
for a US Robotics modem for use in shared mode with tip: 


us|US|US Robotics (28.8 fax/data modem) :\ 
:cr:hu:1ls:re:ss=AT\rATE1Q0&COX0&A0\r:sr=OK: \ 
:sd#250000:di=ATD:dt\r:\ 
:dd#50000:£d#50:os=CONNECT : ds=\d+++\dATZ\r\dATSO=2\r:\ 
:ab=\d+++\dATZ\r\dATSO=2: 


b. Modify the modem attributes to match those of your modem and 
include the debug option (db). With debugging turned on, the 
modem will provide you with additional information with which 
to tune the modem attributes in the file. See acucap(4) for more 
information. 


2. Createan entry in the /etc/remote file for the system you want to 
call, as specified in Section 6.3.3.1. 

3. If you use the getty utility to provide access to the system from a 
modem and a getty process is already running, do the following: 


a. Edit the /etc/inittab file and change the Action field of the 
modem entry from respawn to of f as follows: 
modem: 23:off:/usr/sbin/getty /dev/tty00 M38400 vt100 
See inittab(4) for more information. 


b. Issuethe init g command toterminate the getty process. 


4. Usethe tip command, specifying the -baud_rate flag and the 
telephone number to dial out as follows: 


tip —38400 8881234 


In this example, tip strips the minus sign (—) from the baud rate and 
concatenates the tip command name and the baud rate to create the 
string tip38400. Then, tip searches the /etc/remote file for the 
entry matching the string. The entry in the /etc/remote file points to 
the capability information in the us38400 entry toinitialize the modem. 


You can specify the telephone number on the command line to share the 
same modem attributes for outgoing connections that have different 
telephone numbers. 
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When you log off the remote system and exit tip, the saved settings are 
restored and the modem is ready for the next user. If used in shared 
mode, the modem is available for dial-in access. 


6.3.3.1. Creating Entries in the /etc/remote File 


The /etc/remote file stores information about the dial-out connections 
that you establish. 


You can use this file to supply the terminal device name, connection speed, 
and the /etc/acucap file that defines your modem. For example, the 
following two entries are for the modem specified in step 1a of Section 6.3.3: 


tip38400:tc=us38400 1 
us38400|38400 Baud dial out via US Robotics modem: \ 2 
:el=*U*C*R*0*D*S*0@: ie=#%$:0e=“*D: \ 3 
:dv=/dev/tty00:br#38400:ps=none:at=us:du: 4 


1] Points tothe us38400 entry specifying shared capabilities for modems 
First line of the us38400 entry 


Defines end-of-line characters, and input and output end-of-file marks 


Defines the device to open for the connection, the speed, the parity, the 
name of the /etc/acucap entry, and the dial-up line 


B&B) |!) | 


You might use generic entries like these to connect to any number of remote 
systems. 


Optionally, you can create an entry for each remote system you contact. 
Then you can include settings that are specific to those systems, for example, 
their phone numbers. See remot e(4) for more information. 
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7 


Local Area Transport Connections 


The Local Area Transport (LAT) protocol supports communications between 
host computer systems and terminal servers with terminals, PCs, printers, 
modems and other devices over local area networks (LANs). The Tru64 
UNIX LAT implementation is a STREAMS-based driver. 


This chapter describes: 
¢ TheLAT implementation on Tru64 UNIX systems 
¢« Thedifferent configurations possible in a LAT environment 


¢ How toconfigure and maintain a LAT environment 


For additional introductory information on LAT, see lat_intro(7). For 
troubleshooting information, see Section 15.17. 


7.1 LAT Environment 


In the LAT environment, systems can have the following roles: 


*« Service node — A system that offers LAT services to users on the LAN 
and accepts connections from server users. 


¢« Server node — A terminal server or a system that is configured for 
outgoing connections. Server nodes enable users attached to the node to 


initiate LAT sessions through outgoing ports to LAT services offered by 
LAT service nodes. 


Figure 7-1 shows a sample LAN with LAT server nodes and LAT service 
nodes. 
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Figure 7-1: Sample LAT Network Configuration 
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TheLAT software also permits host applications to initiate connections to 
server ports, designated as application ports, to access remote devices. The 
following sections describe: 


¢ Types of LAT connections 
¢ Access control ina LAT network 
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¢ Password specification for remote servers 
e Load balancing 


7.1.1 Types of LAT Connections 


The following types of LAT connections are permitted: 


¢ Terminal-to-host connections — The basic LAT connection in which a 
user at a terminal connected to a terminal server connects to a LAT 
service. For example, a user at a terminal connected to terminal 
server C and connecting to a service on host A in Figure 7-1 is usinga 
terminal-to-host connection. 


¢ Host-initiated connections — A connection in which a bit-serial, 
asynchronous device connected to a terminal server communicates with 
user-written applications on a LAT host. For example, a user who set up 
host A to use a printer on host D in Figure 7-1 is using a host-initiated 
connection. 


* Outgoing connections — A connection in which a user on a LAT server 
node can connect to a LAT service by using the 1login command. For 
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example, a user on host B who connects toa LAT service on host A in 
Figure 7-1 is using an outgoing connection. 


e Lattelnet gateway connections — A connection in which a user at 
a terminal connected to a terminal server connects to a remote host 
through an intermediate Tru64 UNIX host. For example, a user at 
a terminal connected to terminal server C who is connecting to the 
lattelnet service on host D in Figure 7-1 is using a lattelnet connection. 


7.1.2 Controlling Access in a LAT Network 


Because LAT networks are local in nature, you havea high degree of control 
over the LAT environment and who has physical access to LAT devices. In 
addition to controlling physical access, the following features enable you 

to control LAT access: 


e LAT terminal server login password — You can require that users enter 
a password to gain access to terminal servers. (Refer to your terminal 
server documentation for more information.) 


¢« LAT groups — You can establish LAT groups and restrict host 
communication to particular groups in the following cases: 


- OnaLaAT service node, by issuinga latcp -g —a command 
- OnaLaAT server node, by issuing a latcp —u command 


- Onaterminal server (refer to your terminal server documentation 
for more information) 


In general, groups are set up by the network manager, system manager, and 
server managers to partition the LAT network into logical subdivisions and 
to restrict message traffic between servers and service nodes. In addition, 
using groups can help you manage the size of the servers’ LAT databases by 
limiting the number of service nodes for which the server keeps information. 


Note 


You can use groups to restrict access, but they are not intended as 
a security mechanism. 


To establish a connection with a LAT service node, the group enabled on a 
terminal server port or an outgoing port on a LAT server node must match 
at least one group on the service node. Similarly, for a terminal server or 
server node to process messages from service nodes, the group enabled on 
a terminal server port or an outgoing port on the server node must match 
at least one group on the service node. Otherwise, the messages from the 
service nodes are ignored. 
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For more information on enabling LAT service node groups and outgoing 
port groups, refer to latcp(8). 


7.1.3 Specifying Passwords for Remote Services 


The LAT protocol enables you to specify a password for access to remote 
services that are protected by a password. When password checking is 
enabled on a terminal server that offers a service that is password protected, 
you must specify the password when you map the application port; if you 
do not, all attempts to connect to the service from the terminal server are 
rejected. See latcp(8) for more information. 


7.1.4 Load Balancing 


When more than one node on a LAN offers the same service, the terminal 
server connects to the node with the highest rating for the service desired. 
The rating is based on the current load on the nodes that offer the service. 
This process is called load balancing. 


Load balancing works in a heterogeneous environment. Therefore, service 
nodes with the same names may be running different operating systems. 


7.2 Planning LAT 


This section describes the tasks you must complete before configuring LAT. 


7.2.1 Verifying That the LAT Subset Is Installed 


Verify that the LAT subset is installed by entering the following command: 


# setld -i | grep OSFLAT 


If the LAT subset is not installed, install it by using the set 1d command. 
For more information on installing subsets see set 1d(8), the Installation 
Guide, or the Systen Administration manual. 


After the LAT subset is installed, reboot the system to load the LAT module 
into the kernel. The system is configured to dynamically load the LAT 
module into the kernel when the system boots. 


7.2.2 Verifying DLB Support in the Kernel 


After you install the LAT subset, verify that Data Link Bridge (DLB) support 
is in the kernel by issuing the following commana: 


# sysconfig -q dlb 
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If the dlb: prompt is not displayed, log in as superuser and complete the 
following steps: 


1. Edit the configuration file and add the following entry to it: 


options DLB 


The default configuration file is /sys/conf / HOSTNAME where 
HOSTNAME is the name of your host processor, in uppercase letters. 


2. Build anew kernel by issuing the doconfig command. If you are 
unfamiliar with rebuilding the kernel, see the System Administration 
manual. 


3. Reboot your system with the new kernel by issuing the following 
command: 
# shutdown -r now 


This command immediately shuts down and automatically reboots the 
system. 


7.2.3 Preparing for the Configuration 


After you verify DLB support in the kernel, you can configure LAT by using 
the latsetup utility. 


Figure 7-2 shows the LAT Setup Worksheet, which you can use to record 
the information required to configure LAT. If you are viewing this manual 
online, you can use the print feature to print the worksheet. The following 
sections explain the information you need to record on the worksheet. 


Figure 7-2: LAT Setup Worksheet 


Start LAT automatically at boot time: Yes No[ 
Type of tty devices: 

Number of LAT tty devices: 

Number of LAT entries (getty) in /etc/inittab: 


Start LAT automatically at boot time 


By default, the /sbin/init.d/lat startup and shutdown script 
automatically starts LAT upon reaching run level 3 and stops LAT 
when exiting run level 3. If you do not want LAT to be started 
automatically, check No; otherwise, check Yes. 
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Type of tty devices 


The type of terminal device (tty) for each LAT connection. Tru64 UNIX 
supports SVR4 and BSD device types. It is best to use SVR4 devices 
because the SVR4 format allows you to create more devices. 


SVR4 device special files have the following format: 
/dev/lat/n 


The value nis a number between 620 and 4370. For example, 
/dev/lat/620, /dev/lat/777, and /dev/lat/4000 specify SVR4 
devices. 


BSD device special files have the following format: 
/dev/ttyWx 


The value wis a number from 0 to 9; x is an alphanumeric from 0 to 9, 
a lowercase a to z, or an uppercase A to Z. For example, /dev/tty02, 
/dev/tty0e, and /dev/tty9f specify BSD LAT terminal devices. 
However, all BSD terminal device names are not case sensitive. The 
device special files /dev/tty9f and /dev/tty9F are both converted 
to TTYOF, 


This format enables you to specify up to 620 BSD terminal devices 
which are available to any serial devices (Such as UUCP) running on 
the system. Therefore, fewer than 620 BSD devices may be available 
for LAT. 


Number of LAT tty devices 


The total of the desired number of simultaneous incoming LAT 
connections, the number of application ports, and the number of 
outgoing connections needed. 


Number of LAT entries (getty) in /etc/finittab 


The number of LAT getty entries to be added tothe /etc/inittab 
file. This is the number of simultaneous incoming LAT connections 
desired. 


7.3 Configuring LAT 


Use the latsetup utility to configure and administer LAT on your system. 
To use the latsetup utility, LAT and DLB must be configured into the 
running kernel, your system must be at run level 3 or 4, and you must 

be logged in as superuser. See the latsetup(8) reference page for more 
information. 


The latsetup utility allows you to do the following: 
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e« Create LAT device special files. 

e Addor removegetty entries to or fromthe /etc/inittab file. 
e Execute the init gq command. 

e Start or stop the LAT driver. 


¢« Enableor disable LAT automatic startup and shutdown. When enabled, 
LAT starts automatically upon reaching run level 3. 


You cannot configure LAT over NetRAIN virtual interfaces or the adapters 
that compose NetRAIN sets. LAT is not supported over NetRAIN. 


From the SysMan Menu, invoke the latsetup utility by selecting 
Networking>Additional Network Services—+Configure Local Area Transport 
(LAT). Alternatively, enter the following command on the command line: 


# /usr/sbin/latsetup 
If your terminal does not support curses, you must specify the-nocurses 
flag. This flag allows you torun latsetup in command-line mode. 

Note 


Do not run multiple Latsetup processes concurrently on the 
same machine. The latsetup user might receive erroneous 
information and the /etc/inittab file might become corrupted. 


7.4 Starting and Stopping LAT 


To manually start LAT, enter the following command: 
# /sbin/init.d/lat start 

To manually stop LAT, enter the following command: 
# /sbin/init.d/lat stop 


Note that when you stop LAT from within a LAT session, the session will 
close. 


7.5 Creating a LAT Startup File 


If LAT automatic startup and shutdown are enabled, when the system 
reaches run level 3, it loads LAT into the kernel and executes the 
/sbin/init.d/lat script. This script reads and executes the latcp 
commands in the /etc/latstartup.conf file (if this file exists), then 
starts LAT. See latcp(8) for more information on the latcp command. 
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If you do not have an /etc/latstartup.conf file, LAT is started with the 
default values for its parameters. Table 7-1 lists the LAT parameters and 
their default values. 


Table 7-1: LAT Parameters 


Parameter Default Value 

Node name Host name 

Multicast timer 60 seconds 

Network adapter All network adapters connected to broadcast media, 


except for NetRAIN virtual interfaces (nr) and those 
adapters that compose NetRAIN sets. 


Service name From the LAT node name parameter. Each service 
has the following parameters: 
Parameter Default Value 
Service “Compaq Tru64 UNIX Version x. x 
description LAT SERVICE” 
Rating Dynamic 


Group code 0 
Agent status Disabled 
Outgoing port groups Group 0 


Maximum number of 100 
learned services 


If you want to customize LAT on your system, you can create and modify the 
/etc/latstartup.conf file to include latcp commands. For example, 
you can define a particular node name or add service names. 


Note 


If your system is a member of a cluster, you must create the 
/etc/latstartup.conf fileas a Context-Dependent Symbolic 
Link (CDSL). See the Systen Administration manual for more 
information. 


Example 7-1 shows a sample /etc/latstartup.conf file. 


Example 7-1: Sample /etc/latstartup.conf File 


/usr/sbin/latcp -n testnode 1 

/usr/sbin/latcp -A -a lattelnet14 -i "LAT/telnet" -o [2 
/usr/sbin/latcp -A -a testservice 3 

/usr/sbin/latcp -g 0,21,52 -a testservice 4 
/usr/sbin/latcp —A -a boundservice -—p 620,621 5 
/usr/sbin/latcp -—c200 6 
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Example 7-1: Sample /etc/latstartup.conf File (cont.) 


/usr/sbin/latcp -A -—p 630 -O -V finance 7 
/usr/sbin/latcp -u 0,1,41,97 8 
/usr/sbin/latcp -e 1n0 9 


1] Changes the LAT node name. 


2] Adds an optional service that can be used for LAT/Telnet connections. 
(See Section 7.11 for more information on the LAT/Telnet gateway.) 


3] Adds an unbound interactive testservice service. 


4] Adds groups 0, 21, and 52 tothe testservice service. 


5| Adds a bound service and binds to it two LAT devices: 620 and 621, 
which are SVR4-style LAT devices. 


Increases the number of learned services to 200. 


Maps an outgoing port to finance service. 


Adds outgoing port groups 0, 1, 41, and 97. 
Adds the 1no adapter. 


oO} |O! IN| [Oo 


A latcp command that adds a service must occur in the latstartup.conf 
file before you can issue a latcp command requiring the service name. 
Lines 3 and 4 in Example 7-1 illustrate this point. 


7.6 Customizing the inittab File 


You can modify the /etc/inittab file to use a program other than getty. 
For example, you can add the following entry to /etc/inittab toconfigure 
LAT device 620 to use the user-defined program myownprogram: 


lat620:34:respawn:/usr/sbin/myownprogram /dev/lat/620 


The previous example uses an absolute pathname for the device 
/dev/lat/620. 


For more information on using user-defined programs with LAT, see 
Section 7.12. For more information on the /etc/inittab file and the 
getty utility, see inittab(4) and getty(8). 


You can also modify the /etc/inittab file to add LAT devices created 
manually after the initial configuration by adding an entry similar to the 
following: 


lat621:34:respawn:/usr/sbin/getty lat/621 console vt100 
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The second field (34) specifies the run level in which the entries will be 
processed. In this example, the getty process is spawned at either run level 
3 or 4. In addition, this example uses a relative pathname, lat /621. 


7.7 Running LAT Over Specific Network Adapters 


If your system is configured with multiple network adapters, by default the 
latcp program attempts to start the LAT protocol on all adapters that can 
support it (which excludes NetRAIN virtual interfaces and the adapters 
that compose NetRAIN sets). For adapters connected to different logical 
networks, this is probably desirable. However, for adapters connected toa 
single logical network, it is recommended that you run the LAT protocol 
over only one adapter. To specify the adapter, add the latcp -e adapter 
command tothe /etc/latstartup.conf file. See latcp(8) for more 
information. 


Usethenetstat -—i command to determine the adapters defined on your 
system. 


7.8 Setting Up Printers 


The following sections describe how you can set up a printer to print through 
LAT by completing these tasks: 


¢ Setting up the printer on a terminal server 

¢ Testing the port configuration 

¢ Setting up a service node for the printer 

¢ Setting up the print spooler on the service node 
¢ Testing the Printer 


Once the printer is properly configured, local LAT hosts can access the 
printer through host-initiated connections, as described in Section 7.9. 


These sections provide information on how to establish the LAT service. 
They do not contain all of the details of printer setup. For more 
information on setting up printers, see the System Administration manual, 
printconfig(8), lprsetup.dat(4), and lprsetup(8). 


In addition, before you start, you need to collect the following information: 
¢ Thename of the terminal server to which the printer will be attached 
e Either or both of the following: 

- Thename of the port to which the printer will be attached 

- Thename of the service assigned for the remote printer 
¢ Terminal server documentation 
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e Printer documentation 


Note 


The examples in this section usethe DE Cserver 700 server. Please 
refer to the documentation supplied for your terminal server. 


7.8.1 Setting Up the Printer on a Terminal Server 
To set up a printer, do the following: 


Connect the printer toa serial interface on a terminal server. 


Use the terminal server commands specified in the terminal server 
documentation to set up the server to allow access to the attached 
remote printer through host-initiated requests from the service node. 
(Service node refers to the local Tru64 UNIX LAT host.) 


3. Usethe printer documentation to determine your printer’s character 
size, flow control, parity, and speed. 


4. Compare the printer’s characteristics to the terminal server’s port 
settings. You can display the settings on the terminal server console by 
entering a command similar to the following: 


Local> SHOW PORT 7 CHARACTERISTICS 


This command displays the characteristics for port 7. Minimally, the 
terminal server should have settings for the port similar to the following: 


Character Size: Printer’s character size 


Flow Control: XON (or -CTS/RTS, for some printers) 
Speed: Printer’s speed 

Access: Remote 

Autobaud: Disabled 

Autoconnect: Disabled 


If the terminal server’s port settings do not match the printer’s 
characteristics, define the terminal server’s port settings by using the 
DEFINE command. For example: 


Local> DEFINE PORT 7 SPEED 9600 


5. After you define the settings for the port, log out of that port to initialize 
the new settings. For example: 


Local> LOGOUT PORT 7 
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7.8.2 Testing the Port Configuration 


To verify that the printer characteristics match in the printer and in the 
terminal server port, usethe TEST PORT command on the terminal server. 
For example, if the configuration is correct, the following command run on 
a DECserver 700 prints a test pattern of characters on a printer attached 
to port 7: 


Local> TEST PORT 7 


The printer prints 24 lines of test data unless you press the Break key at the 
terminal server console. |f data does not print or if it is incorrect, the port or 
the printer is incorrectly set, or there is a hardware problem. 


7.8.3 Setting Up a Service Node for the Printer 


On the service node (local LAT host), use the Latcp command to map 

an unused application port with the remote port or remote service on the 
terminal server. Use the terminal server name and either the name of the 
port or the name of the service for the printer from Section 7.8.1. 


For example, the following command maps the local application port 621 for 
the server LOCSER tothe remote printer port port07. 


# latcp —A -—p 621 -H LOCSER -R port07 


The following command specifies the remote printer service name instead of 
the remote print port: 


# latcp -A —p 621 —-H LOCSER —-V REMprinter07 


For more information, see latcp(8). 


7.8.4 Setting Up the Print Spooler on the Service Node 


To set up the print spooler for the remote printer, use the lprsetup 
command. The following symbols must be set in the printcap file for 
the service node (local LAT host) to access the remote printer through 
host-initiated connections: 


¢« ct — Connection type 
¢ lp — Device name to open for output 


The following example shows an /etc/printcap entry for aLAT printer: 


1p25|1po:\ 
:af=/usr/adm/lpacct:\ 
:Ct=LAT: \ 1 
:lf=/usr/adm/lperr: \ 
:lp=/dev/lat/621:\ 2 
:mx#0:\ 
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:of=/usr/lbin/1pf:\ 
:sd=/usr/spool/l1pd: 


1] Specifies LAT for the ct symbol. 


2] Specifies the LAT application port (tty device) that was used in the 
latcp command to set up the service node. You must specify the full 
path name for the |p symbol. 


7.8.5 Testing the Printer 


After you set up the printer, print a file to ensure everything works properly. 
For example, if the printer nameis!p25 and test isa text file, you can test 
the printer by issuing the following command: 


# lpr —Plp25 test 


If the printer does not work, verify that all the settings are correct. If 
the printcap file entry has an If symbol defined, you can check the 
corresponding log file for error information. 


7.9 Setting Up Host-Initiated Connections 


A host-initiated connection is one in which any bit-serial, asynchronous 
device connected to a terminal server can communicate with user-developed 
applications on an appropriately configured system. Examples of such 
devices are terminals, modems, communications ports on other host 
computer systems, and printers. Printer connections are discussed in 
Section 7.8. 


This section describes how you set up a system for host-initiated connections 
and provides guidelines for developing applications to take advantage of 
these connections. 


7.9.1 Setting Up the System for Host-Initiated Connections 
To set up your system for LAT host-initiated connections, do the following: 


1. Usethelatcp -A —p command tomap an application port (tty device) 
on the system with a remote port or service on a terminal server. In the 
following example, 623 is the application port, T1301A is the terminal 
server name, and PORT_6 is the terminal port name. 


# /usr/sbin/latcp —A —p 623 —-HT1301A —-R PORT 6 


Alternatively, you can specify a service name instead of a port name 
in this example. 
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2. Makesurethe protection bits, the owner, and the group of the tty device 
are set appropriately for the intended use of the connection. If ordinary 
users will open and read the tty device, make the device world readable. 


3. Set up the server port characteristics to match the characteristics of the 
device connected to the port and to allow host-initiated connections. See 
your device and terminal server documentation for this information. 


7.9.2 Program Interface 


Applications that employ host-initiated connections are much like 
applications for any tty device, with the following exceptions: 


« The programs communicate with the LAT driver through the device 
special file. When the host program issues an open call on the LAT tty 
device, the LAT driver attempts to establish a connection to the target 
port or service on the target server. The driver reports success and 
failure codes in the errno variable. 


e When the open call is successful, the user program issues read and 
write system calls to handle data transfers, and normal ioct1 
processing for the device control information. 


« Aclose system call on the device terminates the LAT connection. 


The dial .c application program in the /usr/examples/lat directory is 
an example of a program that can be used with host-initiated connections. 
To access this example, you must install the OSFEXAMPLES optional subset. 


The Tru64 UNIX LAT implementation is a STREAMS-based tty design. 
When aLAT tty device is opened, the POSIX line discipline module 1dterm 
is pushed onto the stream above the LAT driver. If your application does 
not need the additional processing provided by 1dterm, it must remove 
the module from the stream. 


The lined.c application program in the /usr/examples/lat directory 
demonstrates how terminal (tty) line disciplines are changed in a Clist-based 
tty and a STREAMS tty environment. To access this example, you must 
install the OSFEXAMPLES optional subset. Additionally, you can use the 
strchg command to change the STREAMS configuration of the user’s 
standard input. 


For more information, see autopush(8) and strchg(1). 


7.10 Setting Up Outgoing Connections 
An outgoing connection is onein which a local user can connect toa service 


on a remote host by using the Llogin command. To accomplish this, a 
named service on the remote host is associated with a terminal device special 
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file on the local host. See 1login(1) and the Command and Shd User's 
Guide for information on the 11login command. 


7.10.1 Setting Up the System for Outgoing Connections 
To set up your system for LAT outgoing connections, do the following: 


1. Map an outgoing port (tty device) on the system with a port or service 
on a remote system by using the latcp —A —p command. In the 
following example, 621 is the outgoing port and REMOTE_SERVICE is 
the service name on the remote node: 


# /usr/sbin/latcp —A —-p 621 —-O -V REMOTE SERVICE 


Alternatively, you can specify a remote node name and a port name, as 
in this example, where titan is the node and PORT_1 is the port: 


# /usr/sbin/latcp -A -p 621 -O -H titan -R PORT 1 


2. Verify that the remote service is a learned service available to your 
system, by using the following command: 


# /usr/sbin/latcp —d -1 


If the service is not displayed, the maximum number of learned services 
has been reached; the service might still be available. When an outgoing 
connection is attempted, the local host determines whether the remote 
serviceis available. If it is available, the outgoing LAT connection is 
made. 


To increase the maximum number of learned services, use the latcp 
—c command. See latcp8 and lat_intro(7) for more information on 
learned services. 


7.10.2 Program Interface 


Applications developed to employ outgoing connections adhere to the same 
guidelines as applications developed for host-initiated connections. See 
Section 7.9.2 for more information. 


The getdate.c application program inthe /usr/examples/lat directory 
is aS an example of a program that can be used with outgoing connections. 
To access this example, you must install the OSFEXAMPLES optional subset. 


7.11 Setting Up the LAT/Telnet Gateway 


TheLAT/Telnet gateway service enables a user on a LAT terminal server to 
connect to remote hosts running the Telnet protocol through an intermediate 
Tru64 UNIX host. The user does not have to log in to the local Tru64 UNIX 
system first. Optionally, if configured, you can use the rlogin command 

to connect directly to remote hosts. 
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To set up the LAT/Telnet gateway, perform the following steps: 


1. Definethe LAT/Telnet service by using the Latcp command. For 
example: 


# /usr/sbin/latcp -—A -—a lattelnet -i "LAT/telnet gateway" -o 


The-o flag specifies that this is an optional service. Optional services 
are used with specialized applications that are written especially for 
LAT. These services are bound toLAT tty devices for the exclusive use of 
the specialized applications. 


2. Edit the /etc/inittab file and modify the LAT device entries that 
you want to spawn the lattelnet service you created in step 1. The 
LAT terminals you select are dedicated to the gateway. The number of 
terminals selected determines the maximum number of simultaneous 
LAT/Telnet gateway sessions the system can deliver. For example, the 
following example shows LAT/Telnet gateway entries for three devices, 
which means that this system can deliver 3 simultaneous sessions: 


lat624:34:respawn:/usr/sbin/lattelnet lat/624 lattelnet 
lat625:34:respawn:/usr/sbin/lattelnet lat/625 lattelnet 
lat626:34:respawn:/usr/sbin/lattelnet lat/626 lattelnet 


If you want to use the rlogin command instead of Telnet, specify 
/usr/bin/rlogin as the third argument to the lattelnet program 
inthe /etc/inittab entry. For example: 


lat624:34:respawn:/usr/sbin/lattelnet lat/624 lattelnet /usr/bin/rlogin 


3. Usethe init program toread the inittab file and start the gateway 
by usingthe init gq command. 


4. Verify that the lattelnet process has started by using the ps 
command. 


The lattelnet program uses the syslogd daemon to log messages to 
the /var/adm/syslog.dated/date/daemon.1og file. Check this file 
to verify that no error messages were generated. 


5. Connect to the gateway from the LAT terminal server by entering the 
CONNECT command. For example, to connect to a remote node named 
REMOTE by using a local node named LOCAL as a gateway, enter: 


Local> CONNECT LATTELNET NODE LOCAL DEST REMOTE 
You can use this command line for either Telnet or rlogin. 


Alternatively, if connecting for Telnet, you can enter the service name 
LATTELNET and wait to be prompted for the remote node desired. The 
following example shows what occurs when a user on a terminal server 
connects to the service LATTELNET and waits for a login prompt from 
remote node MYTRIX: 
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Local> CONNECT LATTELNET 

LAT to TELNET gateway on printf 
telnet> OPEN MYTRIX 

Trying. 

Connected to mytrix. 

Escape character is '*]’. 
mytrix login: 


7.12 Creating Dedicated or Optional Services 


Dedicated services can be used in combination with your own specialized 
applications. The following specialized application programs are provided in 
the /usr/examples/lat directory: 


* latdate.c — Provides a user with the date and time 


* latdlogin.c — Provides a LAT/DECnet gateway for logging in over 
DECnet 


Setting up a dedicated service is similar to setting up the LAT/Telnet 
gateway. (See Section 7.11.) To set up a dedicated service, complete the 
following steps: 

1. Login as root. 


2. After you enter and compile the application code, copy the executable to 
the directory of your choice. 


3. Addtheservice by usingthe latcp —A —a command. For example: 
# /usr/sbin/latcp -—A -a showdate -i "LAT/date service" -o 
The-o specifies that this is a dedicated service. 


4. Edit the /etc/inittab file and add the dedicated tty device entries. 
For example: 


lat630:3:respawn:/usr/sbin/latdate lat/630 showdate 


Note 


You need an entry in the /etc/inittab file for every 
simultaneous service you want to run. The previous example 
only allows for one user of the latdate service at any one 
time. 


5. Usethe init program toread the inittab file and start the service 
by usingthe init gq command. 


To use the service at a LAT terminal, issue the CONNECT command. For 
example: 
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Local> CONNECT SHOWDATE 


A Tru64 UNIX host can also offer bound interactive and unbound interactive 
services. See lat_intro(7) for more information. For information on the 
commands used to create these services, see lat cp(8). 


7.13 Providing a Dedicated tty Device on a Terminal 


A terminal connected to a terminal server port can offer a dedicated tty 
device on a given Tru64 UNIX LAT host. This configuration is useful when 
the terminal user needs access to a Specific application (for example, a 
database) on the host, but must not be allowed to access other applications 
or hosts for security reasons. 


Once configured, the terminal will always be connected to the specified tty 
device on the LAT host. The user at the terminal cannot switch sessions or 
connect to different hosts or different tty devices on that host. 


7.13.1 Setting Up a Dedicated tty Device 
To set up a dedicated tty device on a terminal, perform the following steps: 


1. Determine the name of the terminal server and the port name on which 
the terminal is connected. The following terminal server commands 
display the name of the server and the port name, respectively: 


Local> SHOW SERVER 
Local> SHOW PORT number 


The number variable is the number of the port on the terminal server. 


2. OntheLAT host, map an application port (tty device) to the port on the 
terminal server by using the latcp —A —p command. For example, the 
following command maps an SVR4 device (application port 630 to port 2 
on the terminal server LATTERM: 


# latcp -A -p630 -H LATTERM -R PORT 2 
For more information, see lat cp(8g). 


3. OntheLAT host, add a getty entry tothe /etc/inittab file for the 
tty device that was mapped as an application port. For example: 


lat630:34:respawn:/usr/sbin/getty lat/630 console vt100 


4. Ontheterminal server, define the port’s access tobe REMOTE and log 
out from the port. For example: 


Local> DEFINE PORT 2 ACCESS REMOTE 
Local> LOGOUT PORT 2 
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5. Press Return on theterminal connected tothe terminal server port that 
you just set up. When the system prompt is displayed, the terminal is 
connected to the dedicated tty device. 


If you need to repeat the procedure, remove the getty entry from the 
/etc/inittab file, issue the init gq command, and start the procedure 
from the beginning. 


7.13.2 Removing a Dedicated tty Device 


To remove a dedicated tty device from a terminal port and allow the terminal 
connected to the port to connect to any host, do the following: 


Log in to another terminal on the same server. 
2. Set the port’s access toLOCAL and log out from the port. F or example: 


Local> DEFINE PORT 2 ACCESS LOCAL 
Local> LOGOUT PORT 2 


3. Unmap the application port and remove the getty entry from the 
/etc/inittab file. 
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Domain Name System 


The Domain Name System (DNS) is a mechanism for resolving unknown 
host names and Internet Protocol (IP) addresses that originate from sites on 
your company’s intranet or the Internet. A database lookup service that is 
part of the DNS daemon searches for the unknown hosts in local and remote 
hosts databases, which are distributed networkwide by the DNS. 


The implementation of DNS in Tru64 UNIX is based on Version 8.2.2 of the 
Berkeley Internet Name Domain (BIND) service, which is maintained by 
the Internet Software Consortium. 

This chapter describes: 

¢ TheDNS environment 

* How toconfigure your system for DNS 

« How to manage DNS servers and clients 


For introductory information on DNS, see bind_intro(7). For additional 
information about BIND service, see Appendix H and the BIND 
Configuration File Guide (provided in HTML format on the Tru64 UNIX 
Documentation CD-ROM). You can also visit the Internet Software 
Consortium website at the following URL: 


http://www.isc.org 


For IPv6 environments, the BIND server daemon, /usr/sbin/named, 
supports AAAA lookups over |Pv4 (AF_INET) connections only. The resolver 
and server have not been ported to IPv6, but IPv6 applications can make 
getaddrinfo and getnameinfo calls to retrieve the AAAA records. See 
the Network Programmer's Guide for information on using these routines. 


For troubleshooting information, see Section 15.7 and Chapter 17 for servers 
and Section 15.8 for clients. 


8.1 DNS Environment 


In the DNS environment, systems can have the following roles: 


¢« Master server — A system that is an authoritative source for information 
about a zone or zones and that maintains the master copy of the DNS 
database for the zone or zones. 
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This system runs the named daemon, answers requests from clients 
and other servers, caches information, and distributes the databases 
to slave servers. 


e« Slave server — A system that is an authoritative source for information 
about a zone or zones, but does not maintain the master copy of the 
DNS database for the zone or zones. Instead, a slave server loads its 
database files from the master server when the master server indicates 
that the files have been updated. 


This system runs the named daemon, provides backup for the master 
server, answers requests from clients and other servers, and caches 
information. 


e Stub server — A master server that delegates authority for a specified 
subzone to a server local to the subzone. 


The stub server does not retain information in its configuration files 
about the machines in the specified subzone. Instead of searching the 
master DNS database, it queries the local server for information about 
machines in the subzone. 


Typically, stub service is implemented so that the administrator of a 
subzone can change the configuration of the subzone without affecting 
the configuration file on the master server. 


¢ Caching-only server — A system that is not authoritative for any zones. 
This system runs the named daemon and responds to queries from other 
servers and clients by querying other servers for the information and 
caching the information it receives. Information is stored until the data 
expires. 


Typically, a caching-only server has direct access to the Internet and it 
answers queries exclusively about sites on the | nternet. 


¢ Forward-only server — A system that might be an authoritative source 
for information about a zone or zones, but is restricted as to how it 
obtains information about zones for which it is not authoritative. 


This system runs the named daemon and responds to queries from 
other servers and clients with information from its authoritative date 
and cache data. If the information is not present, the system forwards 
queries to a list of systems specified as forwarders in its named. conf 
file. The queries are forwarded to each forwarder system until the list 
is exhausted or the query is satisfied. Forward-only servers store the 
information they receive until the data expires. 


Typically, a forward-only server has restricted access to an intranet or 
the Internet. By providing a list of specific forwarders to contact, an 
administrator can prevent a forward-only server from attempting to 
contact servers that it cannot access. 
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¢ Client — A system that queries a server for host name and address 
information, interprets responses, and passes information to requesting 
applications. The client is also called a resolver. A client does not run 
the named daemon. 


Note 


Documentation for BIND prior to Version 8.1.1 referred to the 
master server as a primary server and the slave server as a 
secondary server. Though the terminology has changed, master 
and slave servers are still referred to as having primary and 
secondary authority, respectively, for zones. 


DNS runs on each system in your network. You must decide what role each 
system will play in the DNS environment that you create. For each domain, 
select one host to be the master server; there can be only one master server 
for each domain. Select one or more hosts to be slave, stub, and caching-only 
servers. Configure the rest of the hosts as DNS clients. 


Figure 8-1 shows a domain in which there are two servers, one on each 
subnet, and multiple clients. Server A, the master server, has primary 
authority for the zone and maintains the database files for the zone. Server 
B, the slave server, has secondary authority for the zone; it obtains a copy of 
the zone database from Server A and responds to queries from clients. 
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Figure 8-1: Sample Small DNS Configuration 
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Figure 8-2 shows a domain in which there are three zones: mktg.corp.com, 
eng.corp.com, and acct.corp.com. Server B is the master server for the 
mktg.corp.com zone and a slave server for the other two zones. It has 
primary authority for mktg.corp.com and secondary authority for each of 
the other two zones. Server C has primary authority for the eng.corp.com 
zone and secondary authority for each of the other two zones. Server D has 
primary authority for the acct.corp.com zone and secondary authority for 
each of the other two zones. Server A is both a router and a caching-only 
server. As a caching-only server, it caches information it receives from 
queries out of the parent domain. 
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In the same example, if the three zones were located in three different 
cities or countries, you could configure Server A at mktg.corp.com as a 
stub server for the other two remote zones. That way, all of the resource 
records for the remote sites would reside on servers (Server C and Server 
D) local to the eng.corp.com and acct.corp.com domains. The master server, 
Server A, would retain only the resource records for the name server that 
is local to each subdomain. Server A would query Server C and Server D 
for information about the machines in the eng.corp.com and acct.corp.com 
domains instead of searching its own master DNS database. 
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Figure 8-2: Sample Large DNS Configuration 
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8.2 Dynamic Updates 


Typically, whenever you connect a new host toa network, you need to rebuild 
the DNS database as explained in Section 8.9. If you do not update the 

DNS database, other computers on the network will not be able to resolve 
the new host's address. 


However, some clients, particularly Tru64 UNIX systems that are configured 
for |Pv6 networks and Microsoft Windows systems, can automatically update 
the DNS database for you. These clients support dynamic updates, which 
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allow hosts to inform the DNS master server that they are being added to 
or removed from the network. The clients simply specify their |P address 
and host name, and the named daemon automatically makes the appropriate 
changes in the DNS master data file. There is no need for intervention by 
the administrator of the master server, which saves the administrator a lot 
of effort in larger networks. 


See Section 8.5.1.2 for information about configuring dynamic updates on 
the DNS master server. 


8.3 Authentication of Dynamic Updates and Zone Transfers 


DNS servers can provide cryptographic authentication of the data they 
receive from other systems. Authentication reduces the possibility that a 
rogue system can assume the identity of another system and send bogus 
DNS data file updates to servers. 


The operating system provides support for symmetric cryptography, where 
two or more systems share a single private key for DNS authentication. 

A system that sends a DNS update to another system can use this key to 
generate a unique digital signature that corresponds to the data in the 
update. The system then attaches this signature to the update and sends 
the entire package to the target system. When the target system receives 
the signed update, it verifies the data by using the same private key to 
generate a second digital signature from the data. If the signatures match, 
the target system knows that the update came from the a trusted system 
and that it is safe to use. 


You can use cryptographic authentication for many purposes, including: 


¢ Secure dynamic updates — Allow the master server to authenticate the 
updates it receives from clients. 


e Secure zone updates — Allow the master server to authenticate zone 
transfer requests it receives from the slave servers, and subsequently, 
allow slave servers to authenticate the zone transfers they receive from 
the master server. 


For either of these applications, if the data is not correctly signed (by a 
trusted host), it is rejected. 


See Section 8.6 for information about configuring authentication for dynamic 
updates and zone transfers. 


8.4 Planning DNS 


Figure 8-3 shows the DNS Setup Worksheet, which you can use to record 
the information required to configure DNS. If you are viewing this manual 
online, you can use the print feature of your browser to print a copy of 
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this worksheet. The following sections explain the information you need 
to record on the worksheet. 


Figure 8-3: DNS Setup Worksheet 


DNS Setup Worksheet 


Local domain name: 
Host name resolution: __— /etc/hosts ___ DNS ___NIS 


Dynamic updates: (JYes [1 No 


Authentication: LJ Dynamic updates [1 Zone transfers [1 None 


Zones : 
. Data file and 
[]Primary []Secondary 
[Primary []Secondary 
[Primary [JSecondary 
L]Primary [JSecondary 
Forwarders 


Forwarder name: 


[Client | Server name: Internet address: 


Host name resolution: __. /etc/hosts WW DNS —_NIS 


Local domain name 


For a master server, the domain for which the server has primary 
authority. For client systems, the parent domain of which your local 
system is a part. For example, if your system’s domain name is 
excexcx.abc.xyz.com, your local domain name is abc. xyz.com. 


8.4.1 Server 
Host name resolution 


The order in which the local /etc/hosts file, DNS database, and NIS 
database are to be queried for host name resolution. 
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Indicate the order on the worksheet by placing the appropriate number 
next to each item. The following order is recommended: 

1. Local hosts file 

2. DNS database 

3. NIS database 


Dynamic updates 


Check Yes if you want to enable dynamic client updates; otherwise, 
check No. 


Authentication 


If you want the master server to authenticate the DNS database 
updates it receives from clients, check Dynamic updates. If you want to 
authenticate zone transfers between master and slave servers, check 
Zone transfers. If you do not require authentication, check None. 


If you plan to use the nd6éhostd daemon to provide dynamic updates 
for |Pv6 zones, do not enable authentication for these zones. The 
ndé6hostd daemon does not support authentication. 


Zone domain name 


The name of the top-level domain in the zone. 


Authority 


If the server is a master server for the zone (maintains the zone 
database file), check Primary. If the server is a slave server for the zone 
(copies the zone database file from the master), check Secondary. 


Data file and server address 


For a master server, the full directory and file name specification for 
the file in which the master database of zone information will be stored. 


For a slave server or stub server, the full directory and file name 
specification for the file in which a local copy of the database from the 
master server will be stored. Also, the|P address of the master server. 


Forwarder name 


The host name of a system or systems to which your server forwards 
queries that it cannot resolve locally. When the server receives a query 
that it cannot answer from its cache, it sends the query to a forwarder 
for resolution. If the forwarder cannot answer the query, the server 
might contact other servers directly. If your system is a F orward-only 
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server, you must include forwarder names; otherwise, forwarders are 
optional. 


8.4.2 Client 


Server name 


The name of a server to contact for host name resolution. Specify up to 
three servers. 


Internet address 


A corresponding IP address for the server or servers. 


Host name resolution 


The order in which the local /etc/hosts file, DNS database, and NIS 
database are to be queried for host name resolution. 


Indicate the order on the worksheet by placing the appropriate number 
next to each item. The following order is recommended: 


1. Local hosts file 
2. DNS database 
3. NIS database 


8.5 Configuring DNS 


Use the SysMan Menu application of the Common Desktop Environment 
(CDE) Application Manager to configure DNS on servers and clients. To 
invokethe SysMan Menu application, follow the instructions in Section 1.1.1. 


When you configure DNS, you must first set up the master server. You can 
configure the other systems in any order. 


8.5.1 Configuring a Master Server 


To configure a master server, do the following: 


Note 


If you are configuring an |Pv6 master server, see Section 8.5.1.1 
for more information. 


1. Copy into the /etc/namedb/src directory the hosts file that you want 
to convert to the DNS hosts database. 
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To create the a new file from which the hosts database will be created, 
you can update the master server's local /etc/hosts file (see 
Section 2.3.7) and copy it into the /etc/namedb/src directory with 
the same hosts file name. If a system isin your DNS domain and is 
running DNS but is not included in the master server’s hosts database, 
other systems in the domain cannot obtain its !P address. 


2. FromtheSysMan Menu, select Networking>Additional Network 
Services>Domain Name Service (DNS(BIND))—>Configure system as a 
DNS server to display the DNS Server Configuration dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman dns_ server 


3. Enter your local domain name, the domain for which the master server 
will have primary authority, in the Local Domain field. 


Select MASTER in the DNS Server Type pull-down menu. 


5. Indicate the order in which to resolve host name queries in the Host 
Name Resolution Order field. Open the pull-down menu and choose 
from the list of options. Administrators usually use either the DNS 
Database, Local Host File, NIS option or the Local Host File, DNS 
Database, NIS option; the latter is recommended. Your choice is 
recorded in the /etc/svc.conf file. 


Alternatively, you can run the svcsetup script to customize service 
order selection. See Section 8.8 and svcsetup(8) for information about 
modifying the svc.conf file. 


6. Select the Advanced DNS Options button to display the Advanced 
Options dialog box, which allows you to choose a different directory and 
files in which to save DNS server configuration information and cache 
data. Make changes, if necessary, then select OK to close the dialog box. 


7. Select Next to display the Local Name Server list. 


Select Add to display the Add Name Server dialog box. 


Enter the host name and IP address for a name server that your 
master server will query for addresses it cannot resolve by itself. 


c. Select OK to accept the entry. If the server is not a known host, 
select Yes to add it tothe /etc/hosts file. 


Repeat steps 7a through 7c, if necessary. It is best to specify two 
or three name servers. 


d. Select OK to accept the list of name servers. The addresses are 
later recorded in the /etc/resolv. conf file. 


8. Select the appropriate check box to create the DNS database. Specify 
the name of the source file to use in the Hosts File field. Use 
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/etc/namedb/src/hosts for the file you created in step 1 or the 
default for /etc/hosts. Select Next to continue. 


9. Select the appropriate check box to start the named daemon and select 
Next to continue. The utility prompts you to change the host name 
of the system. 


10. Select the appropriate check box to change the host name, if necessary. 
If you choose to change the host name, you are prompted to add 
localhost tothe access control list. Select Yes to allow graphical user 
interfaces to be displayed properly on your newly renamed system. 


11. Select Next to continue, then select Finish to save the configuration and 
start the named daemon. 


You are informed that you successfully configured the system as a DNS 
server. Select OK to close the DNS Server Configuration dialog box. 


You can also modify your server configuration after the initial setup. See 
the online help for more information. 


To enable dynamic updates on a DNS master server for |Pv6 or Microsoft 
Windows network environments, see Section 8.5.1.2 and Section 8.6. 


8.5.1.1. Configuring an IPv6 Master Server 


Configuring an |Pv6 master server is similar to configuring an | Pv4 master 
server with a few exceptions. The following sections describe the exceptions. 


8.5.1.1.1| DNS Configuration Files 


The /usr/examples/ipv6/namedb directory contains DNS configuration 
files that show sample IP v6 information for you to study and adapt to 
your environment. Of the files in that directory, the following files contain 
IPv6 information that show reverse lookup addresses and dynamic update 
examples: 


¢ /usr/examples/ipv6é/namedb/ipvé.rev 
¢ /usr/examples/ipv6é/namedb/ipv6é.db 
¢ /usr/examples/ipv6é/namedb/named.conf 


After you customize these files for your environment, save the original files in 
the /etc/namedb directory, then move the customized files to that directory. 


8.5.1.1.2 Server Guidelines 


To configure a DNS server to operate in an IPv6 network environment, 
review the following guidelines: 


¢ Select a node to function as an IP v6 name server. 
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Dedicate a zone to|Pv6 addresses or add IPv6 addresses to your 
enterprise’s current zone. 


If you want global | Pv6 name services, you must delegate a domain under 
the ip6.int domain for the reverse lookup of |Pv6 addresses. Send mail 
to the following address to request a domain for reverse lookups: 
bmanning@isi.edu 


See RFC 1886 for more information. 


See Section 3.2.5 information on how to create a reverse lookup zone 
name. 


If the system is already configured as a DNS server, change the 
/etc/resolv.conf file to point to the local node for name lookups, 
as follows: 


nameserver 127.0.0.1 


8.5.1.2 Enabling Dynamic Updates to the DNS Database 


To enable dynamic updates on a DNS master server for IP v6 or Microsoft 
Windows network environments, do the following: 


Caution 


Each time you reconfigure your DNS master server with the 
SysMan Menu, you must reenable dynamic updates by repeating 
these steps because your named. conf file will be rewritten. 


Edit the /etc/namedb/named. conf file and add the allow-update 
substatement to the master zone statements (forward and reverse 
lookup) for which you want to enable dynamic updates, as follows: 


zone "zone-name" { 
type master; 
file "file-name"; 
allow-update { any; }; 


Va 


zone "rev-ip.in-addr.arpa" { 
type master; 
file "file-name.rev"; 
allow-update { any; }; 


16 


For example, if you are enabling dynamic updates in an | Pv6 zone, the 
zone statements might appear as follows after the change: 
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zone "ipv6é.sitel.corp.example" { 
type master; 
file "ipvé.sitel.db"; 
allow-update { any; }; 
es "0.4.0.8.0.0.0.4.¢.8.0.1.0.0.1.2.0.0.f£.5.IP6.INT" { 
type master; 
file "ipvé.sitel.rev"; 
allow-update { any; }; 
}i 
Note that specifying any in the allow-update substatements allows 
any client to update the master DNS database. If you prefer to limit 
access to the database, see Section 8.6 for information about enabling 
authentication of dynamic updates. (However, note that the ndshostd 
daemon on | Pv6 clients does not support authentication.) 


Start or restart the named daemon. See the online help for more 
information. 


For information about configuring Microsoft Windows 2000 systems on a 
network with Tru64 UNIX DNS servers, see the Best Practice for Integrating 
Windows 2000 DNS Clients with Tru64 UNIX DNS Services at the following 
URL: 


http://www.tru64unix.compaq.com/faqs/publications/best_practices 


8.5.2 Configuring a Slave Server 


To configure a slave server, invoke the SysMan Menu as documented in 
Section 1.1.1 and do the following: 


1. 


From the SysMan Menu, select Networking—Additional Network 
Services>Domain Name Service (DNS(BIND))—>Configure system as a 
DNS server to display the DNS Server Configuration dialog box. 


Alternatively, enter the following command on a command line: 


# /usr/bin/sysman dns_ server 
Enter your local domain name in the Local Domain field. 
Select SLAVE in the DNS Server Type pull-down menu. 


Indicate the order in which to resolve host name queries in the Host 
Name Resolution Order field. Open the pull-down menu and choose 
from the list of options. Administrators usually use either the DNS 
Database, Local Host File, NIS option or the Local Host File, DNS 
Database, NIS option; the latter is recommended. Your choice is 
recorded in the /etc/svc.conf file. 
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Alternatively, you can run the svcsetup script to customize service 
order selection. See Section 8.8 and svcsetup(8) for information about 
modifying the svc.conf file 


5. Select the Advanced DNS Options button to display the Advanced 
Options dialog box, which allows you to choose a different directory and 
files in which to save DNS server configuration information and cache 
data. Make changes, if necessary, then select OK to close the dialog box. 


6. Select Next to display the Zones Served list. 


Select Add to display the Add Zone dialog box. 


Select the Slave radio button in the Authority field and enter the 
name of the zone (domain) for which this server will have secondary 
authority. 


c. Enter the name of the local file in which to store a copy of the 
database of zone information from the master server. Also, enter 
the IP address of the master server. 


d. Select OK to accept the entry. Repeat steps 6a through 6d for 
additional entries. At the very least, you must add a forward lookup 
entry and reverse lookup entry for each zone. 


Given the following /etc/namedb/named. conf file on the master 
server, you would add entries in the slave’s Zones Served list for the 
domain. suffix and nn.nnn. in-addr.arpa zones: 


zone domain.suffix { 
type master; 
file "hosts.db"; 


}; 


zone mn.nnn.in-addr.arpa { 
type master; 
file "hosts.rev"; 


es 


7. Select Next to display the Local Name Server list. 


Select Add to display the Add Name Server dialog box. 


Enter the host name and IP address for a name server that your 
slave server will query for addresses that it cannot resolve by itself. 


c. Select OK to accept the entry. If the server is not a known host, 
select Yes to add it tothe /etc/hosts file. 


Repeat steps 7a through 7c, if necessary. It is best to specify two 
or three name servers. 


8-14 Domain Name System 


10. 


d. Select Next to accept the list of name servers. The addresses are 
later recorded in the /etc/resolv.conf file. 


Select the appropriate check box to start the named daemon and select 
Next to continue. The utility prompts you to change the host name 
of the system. 


Select the appropriate check box to change the host name, if necessary. 
If you choose to change the host name, you are prompted to add 
localhost tothe access control list. Select Yes to allow graphical user 
interfaces to be displayed properly on your newly renamed system. 


Select Next to continue, then select Finish to save the configuration and 
start the named daemon. 


You are informed that you successfully configured the system as a DNS 
server. Select OK to close the DNS Server Configuration dialog box. 


You can also modify your server configuration after the initial setup. See 
the online help for more information. 


8.5.3 Configuring a Caching-Only Server 


To configure a caching-only server, invoke the SysMan Menu as documented 
in Section 1.1.1 and do the following: 


1. 


From the SysMan Menu, select Networking—Additional Network 
Services>Domain Name Service (DNS(BIND))—>Configure system as a 
DNS server to display the DNS Server Configuration dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman dns_ server 

Enter your local domain name in the Local Domain field. 
Select CACHING in the DNS Server Type pull-down menu. 


Indicate the order in which to resolve host name queries in the Host 
Name Resolution Order field. Open the pull-down menu and choose 
from the list of options. Administrators usually use either the DNS 
Database, Local Host File, NIS option or the Local Host File, DNS 
Database, NIS option; the latter is recommended. Your choice is 
recorded in the /etc/svc.conf file. 


Alternatively, you can run the svcsetup script to customize service 
order selection. See Section 8.8 and svcsetup(8) for information about 
modifying the svc.conf file 


Select the Advanced DNS Options button to display the Advanced 
Options dialog box, which allows you to choose a different directory and 
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files in which to save DNS server configuration information and cache 
data. Make changes, if necessary, then select OK to close the dialog box. 


Select Next to display the Local Name Server list. 


Select Add to display the Add Name Server dialog box. 


Enter the host name and IP address for a name server that your 
caching-only server will query for addresses that it cannot resolve 
by itself. 


c. Select OK to accept the entry. If the server is not a known host, 
select Yes to add it tothe /etc/hosts file. 


Repeat steps 6a through 6c, if necessary. It is best to specify two 
or three name Servers. 


d. Select Next to accept the list of name servers. The addresses are 
later recorded in the /etc/resolv.conf file. 


Select the appropriate check box to start the named daemon and select 
Next to continue. The utility prompts you to change the host name 
of the system. 


Select the appropriate check box to change the host name, if necessary. 
If you choose to change the host name, you are prompted to add 
localhost tothe access control list. Select Yes to allow graphical user 
interfaces to be displayed properly on your newly renamed system. 


Select Next to continue, then select Finish to save the configuration and 
start the named daemon. 


You are informed that you successfully configured the system as a DNS 
server. Select OK to close the DNS Server Configuration dialog box. 


You can also modify your server configuration after the initial setup. See 
the online help for more information. 


8.5.4 Configuring a Forward-Only Server 


To configure a forward-only server, invoke the SysMan Menu as documented 
in Section 1.1.1 and do the following: 


1. 


From the SysMan Menu, select Networking—Additional Network 
Services>Domain Name Service (DNS(BIND))—Configure system as a 
DNS server to display the DNS Server Configuration dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman dns_ server 

Enter your local domain name in the Local Domain field. 
Select FORWARDER in the DNS Server Type pull-down menu. 
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Indicate the order in which to resolve host name queries in the Host 
Name Resolution Order field. Open the pull-down menu and choose 
from the list of options. Administrators usually use either the DNS 
Database, Local Host File, NIS option or the Local Host File, DNS 


Database, NIS option; the latter is recommended. Your choice is 
recorded in the /etc/svc.conf file. 


Alternatively, you can run the svcsetup script to customize service 
order selection. See Section 8.8 and svcsetup(8) for information about 
modifying the svc.conf file. 


Select the Advanced DNS Options button to display the Advanced 
Options dialog box, which allows you to choose a different directory and 
files in which to save DNS server configuration information and cache 
data. Make changes, if necessary, then select OK to close the dialog box. 


Select Next to display the Forwarders list. 


a. Select the appropriate check box to indicate that you want to 
configure the system as a forward-only server. 

b. Select Add to display the Add Forwarder dialog box. 

c. Enter the!P address for a forwarder, a name server that your 
forward-only server will query for addresses on remote networks 
(like the Internet). 

d. Select OK to accept the entry. If the server is not a known host, 
select Yes to add it tothe /etc/hosts file. 

Repeat steps 6b through 6d, if necessary. It is best to specify two or 
three forwarders. 

e. Select Next to accept the list of forwarders. The addresses are later 


recorded in the /etc/resolv. conf file. 


Select Next to display the Local Name Server list. 


Select Add to display the Add Name Server dialog box. 


Enter the host name and IP address for a name server that your 
forward-only server will query for addresses on the local network. 


c. Select OK toaccept the entry. If the server is not a known host, 
select Yes to add it to the /etc/hosts file. 
Repeat steps 7a through 7c, if necessary. It is best to specify two 
or three name servers. 

d. Select Next to accept the list of name servers. The addresses are 


later recorded in the /etc/resolv. conf file. 
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8. Select the appropriate check box to start the named daemon and select 
Next to continue. The utility prompts you to change the host name 
of the system. 


9. Select the appropriate check box to change the host name, if necessary. 
If you choose to change the host name, you are prompted to add 
localhost tothe access control list. Select Yes to allow graphical user 
interfaces to be displayed properly on your newly renamed system. 


10. Select Next to continue, then select Finish to save the configuration and 
start the named daemon. 


You are informed that you successfully configured the system as a DNS 
server. Select OK to close the DNS Server Configuration dialog box. 


You can also modify your server configuration after the initial setup. See 
the online help for more information. 


8.5.5 Configuring a Stub Server 


To configure a stub server, invoke the SysMan Menu as documented in 
Section 1.1.1 and do the following: 


Note 


When configuring stub service, run the SysMan Menu application 
on the server that will have authority for the subzone, not on the 
master server. See the definition for a stub server in Section 8.1 
for more information. 


1. FromtheSysMan Menu, select Networking>Additional Network 
Services>Domain Name Service (DNS(BIND))—>Configure system as a 
DNS server to display the DNS Server Configuration dialog box. 


Alternatively, enter the following command on a command line: 


# /usr/bin/sysman dns_ server 
Enter your local domain name in the Local Domain field. 
Select STUB in the DNS Server Type pull-down menu. 


4. Indicate the order in which to resolve host name queries in the Host 
Name Resolution Order field. Open the pull-down menu and choose 
from the list of options. Administrators usually use either the DNS 
Database, Local Host File, NIS option or the Local Host File, DNS 
Database, NIS option; the latter is recommended. Your choice is 
recorded in the /etc/svc.conf file. 
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Alternatively, you can run the svcsetup script to customize service 
order selection. See Section 8.8 and svcsetup(8) for information about 
modifying the svc.conf file 


Select the Advanced DNS Options button to display the Advanced 
Options dialog box, which allows you to choose a different directory and 
files in which to save DNS server configuration information and cache 
data. Make changes, if necessary, then select OK to close the dialog box. 


Select Next to display the Zones Served list. 


Select Add to display the Add Zone dialog box. 


Select the Stub radio button in the Authority field. Enter the name 
of the stub zone (domain). 


c. Enter the name of the local file in which to store a copy of the 
database of zone information from the master server. Also, enter 
the IP address of the master server. 


d. Select OK to accept the entry. Repeat steps 6a through 6d for 
additional entries. At the very least, you must add a forward lookup 
entry and a reverse lookup entry for each zone. 


Given the following /etc/namedb/named. conf file on the master 
server, you would add entries in the slave’s Zones Served list for the 
domain. suffix and nn.nnn. in-addr.arpa zones: 


zone domain.suffix { 
type master; 
file "hosts.db"; 


}; 


zone mnn.nnn.in-addr.arpa { 
type master; 
file "hosts.rev"; 


hy 


Select Next to display the Local Name Server list. 


Select Add to display the Add Name Server dialog box. 


Enter the host name and IP address for a name server that your 
stub server will query for addresses that it cannot resolve by itself. 


c. Select OK to accept the entry. If the server is not a known host, 
select Yes to add it tothe /etc/hosts file. 


Repeat steps 7a through 7c, if necessary. It is best to specify two 
or three name servers. 


d. Select Next to accept the list of name servers. The addresses are 
later recorded in the /etc/resolv.conf file 
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10. 


Select the appropriate check box to start the named daemon and select 
Next to continue. The utility prompts you to change the host name 
of the system. 


Select the appropriate check box to change the host name, if necessary. 
If you choose to change the host name, you are prompted to add 
localhost tothe access control list. Select Yes to allow graphical user 
interfaces to be displayed properly on your newly renamed system. 


Select Next to continue, then select Finish to save the configuration and 
start the named daemon. 


You are informed that you successfully configured the system as a DNS 
server. Select OK to close the DNS Server Configuration dialog box. 


You can also modify your server configuration after the initial setup. See 
the online help for more information. 


8.5.6 Configuring a DNS Client 


To configure a DNS client, invoke the SysMan Menu as documented in 
Section 1.1.1 and do the following: 


1. 


From the SysMan Menu, select Networking—Additional Network 
Services>Domain Name Service (DNS(BIND))—>Configure system as a 
DNS client to display the Configure DNS Client dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman dns client 

Enter your local domain name in the Local Domain field. 
Select Add to add a name server. 

Enter the host name and the IP address for the name server. 


The addresses are recorded in the /etc/resolv.conf file, where the 
resolver uses them to determine the |P addresses of name servers it 
will query. 


Select OK to add the host name to the list of name servers. If the 
specified host is not listed in the /etc/hosts file, the script prompts 
you to add it to that file. Select Yes or No. 


To add other name servers, repeat steps 3 through 5. You can specify 
up to three name servers. 


Indicate the order in which to resolve host name queries in the Host 
Name Resolution Order field. Open the pull-down menu and choose 
from the list of options. Administrators usually use either the DNS 
Database, Local Host File, NIS option or the Local Host File, DNS 
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Database, NIS option; the latter is recommended. Your choice is 
recorded in the /etc/svc.conf file. 


Alternatively, you can run the svcsetup script to customize service 
order selection. See Section 8.8 and svcsetup(8) for information about 
modifying the svc.conf file. 


7. Configure your system to search alternate domains for address 
resolution by doing the following: 
Select Domains Searched to display the associated dialog box. 
Select Add to display the Add/Modify dialog box. 


c. Enter the name of a domain to search. Your local domain is 
searched by default; you do not need to enter it. 


d. Select OK to accept the entry. Repeat steps 7b through 7d, if 
necessary. You can specify up to six domains. 


e. Select OK to accept the list of domains to be searched. 


8. Select OK to accept the configuration. The script prompts you to change 
the host name of the system. 


9. Select Yes or No as appropriate. If you choose Yes to change the host 
name, you are prompted to add localhost tothe access control list. 
Select Yes to allow graphical user interfaces to be displayed properly 
on your newly renamed system. 


10. Select OK to close the Configure DNS Client dialog box. 


You can also modify your client configuration after the initial setup. See 
the online help for more information. 


For IPv6 network environments, to enable dynamic updates for a DNS 
client, do the following: 


1. Runthe ipé setup script and enable dynamic updates of |Pv6 
addresses by answering y and provide a fully qualified domain name for 
the |Pv6 host. See Section 3.4.2 and Section 3.5.1 for more information. 


2. Configure the DNS/BIND server to allow the updates (see 
Section 8.5.1.2). 


If you do not want to enable dynamic updates, you must still run the 
ip6 setup script, but no special DNS configuration is necessary. 


8.6 Configuring Authentication 


The following sections describe how to configure authentication on DNS 
servers for the following purposes: 
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¢« Secure dynamic updates 
* Secure zone transfers 


Authentication serves a purpose only when the private key remains a secret 
between the servers; therefore, it is prudent to change this key frequently 
and save the key file as specified in the following sections to prevent the 
key from being compromised. 


8.6.1 Configuring Secure Dynamic Updates 


If you plan to use the ndéhostd daemon to dynamically update I Pv6 zones, 
do not enable authentication for these zones. The ndéhostd daemon does 
not support authentication. 


To configure a master server to authenticate dynamic updates it receives 
from new DNS dients (Microsoft Windows systems), do the following: 


Caution 


Each time you reconfigure your DNS master server with the 
SysMan Menu, you must reenable secure client updates by 
repeating these steps because your named. conf file will be 
rewritten. 


1. Generate a private key using the dnskeygen command, as follows: 


# dnskeygen -H size -h -c -n key-name 


Valid key sizes are 512, 576, 640, 704, 768, 832, 896, 960, and 1024. 
Larger keys are more cumbersome, but they are more secure. 


You can supply any name for a key, but it is best to give the keys 
canonical names so they are easy to distinguish. For example, if 
hosts from the xyz.corp.com zone send dynamic updates to your 
master server, marlin.xyzZ.corp.com, you might want to name your key 
xyznet-marlin_update. 


The dnskeygen command produces two files: 

° K<key-name><proto-id><key-id>.key 

° K<key-name><proto-id><key-id>.private 

Hereafter, these files are referred toas the .key and . private files. 


For more information about generating keys, see the dnskeygen(1) 
reference page. 


2. Createa file, possibly named.keys, to contain the key configuration 
statement for the update. This file must be read/writeable only by 


8-22 Domain Name System 


superuser to prevent the private key from being compromised. F or 
example: 


# cd /etc/namedb 
# touch key-config-file 
# chmod 600 key-config-file 


Incorporate the key information from the . private file into the 
key-config-file by adding the following key statement: 


key key-name { 
algorithm hmac-md5; 
secret "generated-key"; 


}i 

In the key statement, replace key-name with the name of the key 

and generated-key with the entire private key as it appears in the 
.private file. It is best to enter the key by opening the . private file 
in another window, copying the necessary key text, and pasting the 
text into the text editor window. There must be no line feeds or spaces 
between the quotes that contain the key; if even one character is entered 
incorrectly, authentication fails. 


Add the following include statement to the top of the 
/etc/namedb/named. conf file: 


include "/etc/namedb/key-config-file"; 


Replace key-config-file with the name of the key configuration 
file you created in steps 2 and 3. 


When the named daemon starts and reads the DNS data file, it calls the 
key-config-file and parses its contents. 


Enable secure dynamic updates for the master zone by adding the 
allow-update substatement to the master zone statements (for 
forward and reverse lookups) in the named. conf file: 


zone "zone-name" { 
type master; 
file "file-name"; 
allow-update { 
key key-name; 
‘a 


}; 


zone "rev-ip.in-addr.arpa" { 
type master; 
file "hosts.rev"; 
allow-update { 
key key-name; 
}i 
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Replace key-name with the name of the file you created in steps 2 and 3. 


Specifying a key in this statement ensures that updates are successful 
only if they are signed with the private key. 


6. Restart the named daemon by issuing the following command: 


# /sbin/init.d/named restart 


Once you have configured the master server to support secure dynamic DNS 
updates from new hosts, you can distribute the private key as necessary to 
administrators who need to add these hosts to the network. It is best to 
physically distribute the key on magnetic or optical media as opposed to 
sending it over the network where it can be compromised. 


You can format a floppy for this purpose. See mtools(1) for information 
about formatting and reading Microsoft Windows-compatible floppy disks 
on a Tru64 UNIX system. If the described tools are not available, you need 
to install the OSFDOSTOOLS subset. 


For information about configuring Microsoft Windows 2000 systems on a 
network with Tru64 UNIX DNS servers, see the Best Practice for Integrating 
Windows 2000 DNS Clients with Tru64 UNIX DNS Services at the following 
URL: 


http://www.tru64unix.compaq.com/faqs/publications/best_practices 


Note that when clients send updates to the master server, the named daemon 
does not immediately update the master database files. It creates temporary 
database.ixfr and database.1og files where it logs the changes until 
they can be incorporated into the database. However, the daemon does 
become aware of the updates almost immediately in memory. You can verify 
them with the nslookup command as explained in Section 8.10.1. 


8.6.2 Configuring Secure Zone Transfers 


To configure a master server and slave servers to use authentication for zone 
transfers, do the following: 


Caution 


Each time you reconfigure DNS with the SysMan Menu, you must 
reenable secure zone transfers by repeating these steps because 
your named. conf file will be rewritten. 


1. Onthe master server, perform steps 1-4 as specified in Section 8.6.1. 
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When creating a key name, choose a name that describes 

the zone transfer. For example, if the master server, 
marlin.xyz.corp.com, is sending updates to the slave server, 
minnow.xyz.corp.com, for the xyz.corp.com zone, you might name the 
key xyznet-marlin-minnow_transfer. 


On the master server, add the allow-transfer substatement to the 
master zone statements (for forward and reverse lookups) in the 
/etc/namedb/named. conf file. 


include "/etc/namedb/key-file"; 


zone "zone-name" { 
type master; 
file "hosts.db"; 
allow-transfer { 
key key-name; 


13 


zone "rev-ip.in-addr.arpa" { 
type master; 
file "hosts.rev"; 
allow-transfer { 
key key-name; 
}i 


1 


Replace key-name with the name of the key as you specified it in the 
key configuration file you created in steps 2 and 3 of Section 8.6.1. 


Adding this server statement ensures that the master servers transfers 
the zone only if the request is signed with the private key. It also 
ensures that the master server signs the zone transfer with the key 
before it sends the data to the slave server. 


Transfer the key configuration file (key-config-file or named.keys) 
over from the master server to the slave server(s). It is best to physically 
transfer this file on magnetic or optical media as opposed to sending it 
over the network where it can be compromised. 


You can format a floppy for this purpose. See mtools(1) for information 
about formatting and reading Microsoft Windows-compatible floppy 
disks on a Tru64 UNIX system. If the described tools are not available, 
you need to install the OSFDOSTOOLS subset. 


On the slave server(s), ensure that the permissions are set for 
read/writable only by superuser: 


# chmod 600 key-config-file 
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4. Ontheslave server(s), add an include statement tothe named. conf 
file to call the key-config-file. Also, insert the server statement 
after the include statement and before any zone statements: 


include "/etc/namedb/key-config-file"; 


server ip-address { 
keys {key-name}; 
re 


Replace key-config-file with the name of the key configuration file 
you copied over from the master server. Replace ip-address with the 
IP address of the master server. Finally, replace key-name with the 
name of the key you specifed in the key-config-file. 


Adding the server statement ensures that the slave server signs 
requests for zone transfers from the master server with the private key. 
It also ensures that the slave server authenticates signed zone transfers 
from the master server before it incorporates them into its data files. 


5. Restart the named daemon on the master server and the slave server(s) 
by issuing the following command: 


# /sbin/init.d/named restart 


8.6.3 Authentication Example 


The following examples show sample named. keys and named. conf files 
that implement both secure dynamic updates and secure zone transfers. 
These configuration files describe a network in which there is a DNS 
master server called marlin.ocean.corp.com and a slave server called 
minnow.ocean.corp.com. 


Example 8-1: Sample named.keys File for Authentication 


key oceannet-client update {|1 
algorithm hmac-md5 ;|2 
secret "1SYbJjbTOLH2DB+kRpf0fcTJk0mOca90GDGdn5R7L2vPhyCx 
daGhHp002pDU+PSzc1lE3Yk6Xg8jOkpRExx+2yw==";|3 


}; 


key oceannet-marlin-minnow transfer {|4 
algorithm hmac-md5; 
secret "648NyJi33LMhf00iavHjbkgqceTMJ71ZD4/r0DF9wglQ2WH2b 
peHLYj z2qgYMrx1dMYw9E9gDp6F6LTMDHHCVF1w=="; 
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In Example 8-1, the lines serve the following purpose: 


1 


Defines the oceannet-client update key, which will be used for 
secure dynamic updates from clients in the ocean.corp.com zone. 


Specifies the encryption algorithm. K eys for dynamic updates and zone 
transfers must be hmac-md5. 


Specifies the key string. This string must contain no spaces or carriage 
returns. 


Defines the oceannet -marlin-minnow_transfer key, which 
will be used for zone transfers between the master server, 
marlin.ocean.corp.com, and the slave server, minnow.ocean.corp.com. 


Example 8-2: Sample Master Server named.conf File for Authentication 


incl 


opti 


zone 


zone 


zone 


ude "/etc/namedb/named.keys";|1 
ons { 
directory "/etc/namedb/"; 
"0.0.127.in-addr.arpa" { 
type master; 
file "named.local"; 
"ocean.corp.com" { 
type master; 
file "hosts.db"; 
allow-update { 
key oceannet-client_update;|2 
allow-transfer { 
key oceannet-marlin-minnow_transfer;|3 
"6.134.20.in-addr.arpa" { 
type master; 
file "hosts.rev"; 
allow-update { 
key oceannet-client_update;|2 
allow-transfer { 
key oceannet-marlin-minnow_transfer;|3 
" nf 
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Example 8-2: Sample Master Server named.conf File for Authentication 
(cont.) 


type hint; 
file "named.ca"; 


}; 


In Example 8-2, the lines serve the following purpose: 


1] Calls the aforementioned named. keys file into the named. conf file. 


2) Specify that dynamic updates for the ocean. corp.com zone must be 
authenticated with the oceannet-client update key before they are 
incorporated into the DNS database. 


3] Specify that zone transfer requests for the ocean. corp.com zone must 
be authenticated with the oceannet -marlin-minnow_transfer key 
before any data is sent to the slave server(s). 


Example 8-3: Sample Slave Server named.conf File for Authentication 


include "/etc/namedb/named.keys"; 
server 20.134.6.2 { 


keys { oceannet-marlin-minnow_transfer };{1 
he 


options { 
directory "/etc/namedb/"; 


zone "0.0.127.in-addr.arpa" { 
type master; 
file "named.local"; 


zone "pubs.zk3.dec.com" { 
type slave; 
file "/etc/namedb/hosts.db"; 
masters { 
20.134.6.2/2]; 
}i 


zone "6.134.20.in-addr.arpa" { 
type slave; 
file "/etc/namedb/hosts.rev"; 
masters { 
20.134.6.2;|2 
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Example 8-3: Sample Slave Server named.conf File for Authentication 
(cont.) 


Va 
} 


zone "." { 
type hint; 
file "named.ca"; 


}; 


In Example 8-3, the lines serve the following purpose: 


1] Specifies that the slave server is to use the oceannet-marlin- 
minnow_transfer key for authentication of all communication 
between itself and 20.134.6.2 (marlin.ocean.corp.com). 


2] Specify that 20.134.6.2 isthe master server for the ocean. corp.com 
zone, and that it will provide the authoritative data for that zone. 


For more information about the statements in the named. conf file, see 
named. conf(4) and the Bind Configuration File Guideon the Tru64 UNIX 
Documentation CD-ROM. 


8.7 Deconfiguring DNS 


Use the SysMan Menu application of the Common Desktop Environment 
(CDE) Application Manager to deconfigure DNS servers and clients. To 
invokethe SysMan Menu application, follow the instructions in Section 1.1.1. 


When you deconfigure DNS, the service stops and the DNS server and 
client configuration information is deleted from the system. This action 
cannot be undone. To restore DNS, you must configure it again using the 
SysMan Menu. 


To deconfigure DNS, do the following: 


1. Fromthe SysMan Menu, select Networking>Additional Network 
Services>Domain Name Service (DNS(BIND))—»Deconfigure DNS on 
this system to display the Deconfigure DNS dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman dns deconfigure 

Select Yes to deconfigure DNS on the system. 

Select OK to close the Deconfigure DNS dialog box. 
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8.8 Modifying the svc.conf File with svcsetup 


You can modify the /etc/sve.conf file without running the DNS 
Configuration application. To do this, you invoke the svcsetup Script using 
the following commana: 


# /usr/sbin/svcsetup 


Once invoked, use the following steps to edit the /etc/svc. conf file: 


1. 
2. 


Press the Return key following the informational messages to continue. 


Press the Return key to choose the m option from the Configuration 
Menu. 


Choose option 2 from the Change Menu. Option 2 corresponds to the 
hosts database. 


Enter the number that corresponds to the order in which you want the 
services running on your system queried for hosts data. 


Listing local first means that the local /etc/hosts file is searched first 
for the requested information. If the information is not found locally, 
then DNS servers, NIS servers, or both, are queried, depending on 
which options you choose. 


Note 


For better performance, it is best if the first service that 
your system queries for all databases is local, regardless of 
what services you are running. 


Choose option 3, 4, 5, or 6 to configure the svc. conf file so that DNS 
serves hosts information. 


The svcsetup Script indicates that it is updating the /etc/svc. conf 
file. When svcsetup is finished updating the file, the script notifies 
you and the system prompt (# is displayed. 


8.9 Updating DNS Data Files on the Master Server 


If you have not configured dynamic updates, as discussed in Section 8.2 and 
Section 8.5.1.2, you will need to manually update the DNS data files when 
you connect new hosts to the network. 


To add a new host, follow these steps: 


1. 
2. 


Edit the /etc/namedb/src/hosts file to add the new host. 


Change to the /etc/namedb directory and enter one of the following 
commands: 
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# make hosts 
# make all 


After you edit the hosts file and enter the make command, the DNS 
conversion scripts (which arein the /etc/namedb/bin directory) do the 
following for you: 


1. Create the new hosts databases: named. local and named. ca. 
2. Placethe new databases in the /etc/namedb directory. 


3. Senda signal to the named daemon to reload all databases that have 
changed. 


Note 


If you have manually entered mail exchanger (MX) records in the 
named.local file, these records are lost. You will have to edit 
the named. local file and add the MX records. 


The DNS database conversion scripts also increment the serial number field 
of the start of authority (SOA) entry in the database file and inform the 
slave servers that it is time to refresh their data. 


The process is the same for all of the valid files in the master server’s 
/etc/namedb/src directory. Scripts are provided to create the 
named. local and named.ca databases. 


8.10 Obtaining Host Name and IP Address Information 


8.10.1 


There are several ways that you can obtain information about host names, 
IP addresses, and user information from a system using DNS. The following 
sections provide an introduction to two commands: nslookup and whois. 


The nslookup Command 


You can use the nslookup command to noninteractively and interactively 
query DNS for information about hosts on local and remote domains. 

You can also find information about DNS resource records such as mail 
exchanger (MX), name server (NS), and so forth. 


For a noninteractive query, use the following syntax: 

nslookup hostname 

The output is the server name and address and the host name and address. 
For an interactive query, use the following syntax: 

nslookup 
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The output is the default server name and address and the nslookup 
prompt, a greater than sign (>). 


For example, to obtain information about MX, you need to query nslookup 
interactively, supplying a valid domain name. The following example shows 
how to find the mail recipient for the domain corp. com: 

# nslookup 


Default Server: localhost 
Address: 127.0.0.1 


> set querytype=mx 
> corp.com 


Server: localhost 

Address: 127.0.0.1 

findmx.corp.com preference = 100, mail exchanger = gateway.corp.com 
gateway.corp.com inet address = 128.54.54.79 

> |Ctri/D 


# 


A good way to learn how to use the nslookup command is to experiment 
with it. To obtain a list of the interactive nslookup command options, enter 
a question mark (?) at the nslookup prompt. For further information, see 
nslookup(1). 


For a detailed description of the many different types of DNS resource 
records, see Appendix H. 


8.10.2 NIC whois Service 


The Network Information Center (NIC) whois service allows you to access 
the following information about a domain: 


¢ Thename of the domain 
« Thenameand address of the organization responsible for the domain 
¢ Thedomain’s administrative, technical, and zone contacts 


« Thehost names and network addresses of sites providing DNS for the 
domain 


¢ Theregistered users in the domain 


For example, to use the NIC whois service to obtain information about 
a domain named compaq. com, use the whois command and specify the 
domain name as follows: 

# whois compag.com 

Registrant: 

Compag Computer Corporation (COMPAQ-DOM) 


P.O. Box 692000 
Houston, TX 77269 


Domain Name: COMPAQ.COM 
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The InterNIC Registration Services database contains ONLY 
non-military and non-US Government Domains and contacts. 
Other associated whois servers: 


American Registry for Internet Numbers whois.arin.net 


European IP Address Allocations - whois.ripe.net 
Asia Pacific IP Address Allocations - whois.apnic.net 
US Military - whois.nic.mil 
US Government - whois.nic.gov 


To query other whois servers, use the —h option: 


# whois -h whois.nic.gov whitehouse.gov 

Whitehouse Public Access (WHITEHOUSE-DOM) 
725 17th Street NW Room NEOB 4208 
Washington, DC 20503 


Domain Name: WHITEHOUSE .GOV 


Status: ACTIVE 
Domain Type: Federal 
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Network Information Service 


The Network Information Service (NIS, formerly Yellow Pages) is a 
distributed data lookup service for sharing information on a local area 
network (LAN). NIS allows you to coordinate the distribution of database 
information throughout your networked environment. 


This chapter describes: 

¢ TheNlS environment 

¢« How toconfigure your system for NIS 

« Howtomanage NIS servers and clients 


For introductory information on NIS, seenis intro(7). For troubleshooting 
information, see Section 15.10 for clients and Section 15.9 for servers. 


9.1 NIS Environment 


In an NIS environment, systems can have the following roles: 


e« Master server — A system that stores the master copy of the NIS 
database files, or maps, for the domain in the /var/yp/ DOMAIN 
directory and propagates them at regular intervals to the slave servers. 
Only the master maps can be modified. Each domain can have only 
one master server. 


e Slave server — A system that obtains and stores copies of the master 
server’s NIS maps. These maps are updated periodically over the 
network. If the master server is unavailable, the slave servers continue 
to make the NIS maps available to clients. Each domain can have 
multiple slave servers distributed throughout the network. 


¢ Client — Any system that queries NIS servers for NIS database 
information. Clients do not store and maintain copies of the NIS maps 
locally for their domain. 


Figure 9-1 shows a domain in which there is a master server, two slave 
servers, and some clients. 
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Figure 9-1: NIS Configuration 


Master 
Server 


ZK-1145U-Al 


By default, NIS distributes the aliases (mail.aliases), group, hosts, 
netgroup, networks, passwd, protocols, rpc, and services databases. 
(The mail.aliases and netgroup databases are created exclusively for 
N1IS.) You can also create and distribute the enhanced security extended 
profile database, and site-specific customized databases, such as NFS 
Automount and AutoFS maps. 


To configure NIS with support for enhanced security, and optionally create 
secure versions of NIS maps, carefully read the instructions in the Creating 
and Maintaining Accounts chapter of the Security guide before proceeding 
with the setup described in this chapter. For information on creating 
Automount and AutoFS maps for distribution by NIS, see Appendix B. For 
information on creating and distributing other site-specific NIS maps, see 
the Section 9.4.6. 
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9.2 Planning NIS 


This section describes the tasks you must complete before configuring NIS. 


9.2.1 Verifying That the Additional Networking Services Subset is 
Installed 


For NIS servers, verify that the Additional Networking Services subset is 
installed by entering the following command: 


# setld -i | grep OSFINET 


If the subset is not installed, install it by using the set 1d command. For 
more information on installing subsets, see set 1d(8), the Installation Guide, 
or the Systen Administration manual. 


9.2.2 Preparing for the Configuration 


Figure 9-2 shows the NIS Setup Worksheet, which you can use to record the 
information required to configure NIS. If you are viewing this manual online, 
you can use the print feature to print a copy of this worksheet. The following 
sections explain the information you need to record on the worksheet. 
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Figure 9-2: NIS Setup Worksheet 


Domain name: 


QERGESaG Database files for 


NIS maps: 


/var/yp/src/mail.alias file: Yes [_] No 
/var/yp/src/netgroup file: Yes [_] No 
Setup options: 

Slave name: 

IP address: 

Slave name: 

IP address: 


[Slave Server | Server Setup options: 


Master name: 
IP address: 
Slave name: 
IP address: 
Slave name: 
IP address: 


[Client | Setup options: 


Server name: 
Server name: 


Domain name 


The domain name (1 to 31 alphanumeric characters). All systems in 
the domain must declare the same domain name. 


An NIS domain is an administrative entity that consists of a master 
server, one or more slave servers, and numerous clients. All systems in 
a domain share the same set of NIS database files. 


Note 


An NIS domain name is not the same as a DNS domain 
name. Furthermore, an NIS domain name is case-sensitive. 
Be very careful when specifying it. If you configure the 
system with an incorrect NIS domain name, all N1IS-related 
operations (such as logging in and 1s —1 commands) hang 
for several minutes, then fail. 
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NIS runs on each system in your network. You must decide what role each 
system will play within the NIS domain that you are creating. Select one 
host to be the master server; there can be only one master server for each 
domain. Select one or more hosts to be slave servers. The rest of the hosts 
can run as NIS clients. (The master server and all slave servers are also 
considered to be NIS clients.) 


Once you have determined a role for each system, fill in the remainder of the 
worksheet as specified in the following sections. 


9.2.2.1 Master Server 
Database files for NIS maps 


The files you want to make into NIS maps. Choose from the following 
list: 


¢ /etc/group 

e /etc/hosts 

e /etc/networks 
¢ /etc/passwd 

¢ /etc/protocols 
¢ /etc/rpe 


e /etc/services 


Nar/yp/src/mail.aliases file 


The mail.aliases file, which is based on the /var/adm/send- 
mail/aliases file, defines network-wide mail aliases. If you want 
to define and distribute mail aliases on your network, check Yes; 
otherwise, check No. 


If you choose not to create a mail.aliases file, thenissetup Script 
issues an informational message that it cannot find the mail.aliases 
file while it is building the NIS maps. For information on defining mail 
aliases, see aliases(4). 


Nar/yp/src/netgroup file 


The netgroup file defines network-wide groups and is used for 
permission checking when doing remote mounts, remote logins, 
and remote shells. If you want to define and distribute netgroup 
information on your network, check Yes; otherwise, check No. 


If you choose not to create a netgroup file, the nissetup Script issues 
an informational message that it cannot find the netgroup file while 
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it is building the NIS maps. For information on defining network 
groups, see netgroup(4). 


Setup options 


The list of setup options for master servers is as follows. Write the 
options you want to use in the appropriate place in the worksheet. 


Run the yppasswdd daemon. 


The yppasswdd daemon allows users to update their passwords 
in the master copy of the password file by issuing the yppasswd 
command on any system in the NIS domain. If you want users 
to be able to update their N1IS-distributed passwords without 
administrator intervention, run the yppasswdd daemon. 


The yppasswdd daemon runs only on the master server. 
Create base or enhanced security versions of the NIS maps. 


Tru64 UNIX security can be configured in either base or enhanced 
authentication mode. Enhanced security includes an additional 
prpasswd map that contains extended user profile information. 
Before configuring NIS to distribute this prpasswd map, read 
Chapter 12 of the Security guide. It describes important operational 
differences and additional steps necessary for NIS configuration in 
a secure environment. 


Create NIS maps in btree format. 


If you serve very large maps, you might want to have NIS maintain 
these maps as btree files, which significantly reduces the time 
required to build and push very large maps. However, the use of 
btree files might degrade performance slightly for relatively small 
maps. 


If you intend to use enhanced security with NIS, it is best to 
maintain your maps in btree format. 


Run the ypbind daemon with the-s option, which requires the 
server to use a reserved port. 


For security purposes, it is best torun NIS with the—s option. 


Lock the ypbind daemon to a particular domain name and server 
list by specifying the -s option. 


Normally, hosts broadcast NIS requests on the network and the 
first available server answers the request. The-—s option allows 
you to lock the ypbind daemon toa particular domain and set of 
servers. Requests are made directly to the specified servers, rather 
than being broadcast. F or security purposes, it is best torun NIS 
with the —s option. 


9-6 Network Information Service 


If you choose to run NIS with the-—s option, you must know the 
host names and IP addresses of the servers to which you are locking 
the ypbind daemon. You will add them to the local hosts file 
during configuration. 


Security Note 


When using thenissetup script to set up an NIS server 
that is running with enhanced security, you must answer 
Yes to the question about locking the domain name 

and authorized servers (the ypbind —s option). For a 
master server, the server is bound to itself by default. 


« Run NlS with the-ypset option or the-ypsetme option. 


The-ypset option allows a user logged in as root on any system 
in your domain to bind your system toa particular server. The 
—ypsetme option allows ypbind to accept -ypset requests only 
from the local system. For security purposes, it is best to disallow 
all ypset requests. 


¢ Create and distribute Automount or AutoFS maps. 


The automount and autofsd daemons, which are alternatives 
to mounting remote file systems in the /etc/fstab file, allow 
users to mount remote file systems on an as-needed basis. When 
you use NIS to distribute the maps for these daemons, you create 
the maps on the NIS master server and distribute them to NIS 
slave servers and clients. For information on creating these maps, 
see Appendix B. For information on administering the maps, see 
Section 10.1.2. 


Whether or not you use Automount or AutoFS depends on your 
site’s networking environment. 


Slave name 
The name of each slave server in the domain. 


IP address 


ThelP address of each slave server in the domain. 


9.2.2.2 Slave Server 
Setup options 


The list of setup options for slave servers is as follows. Write the 
options you want to use in the appropriate place in the worksheet. 
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¢« Maintain base or enhanced security versions of the NIS maps. 


Tru64 UNIX security can be configured in either base or enhanced 
authentication mode. Enhanced security includes an additional 
prpasswd map that contains extended user profile information. 
Before configuring NIS to distribute this prpasswd map, read 
Chapter 12 of the Security guide. It describes important operational 
differences and additional steps necessary for NIS configuration in 
a secure environment. 


¢ Maintain NIS maps in btree format. 


If you serve very large maps, you might want NIS to maintain these 
maps as btree files, which significantly reduces the time required 
to push very large maps. However, it might degrade performance 
slightly for relatively small maps. 


If you intend to use enhanced security with NIS, it is best to 
maintain your maps in btree format. 


« Runthe ypbind daemon with the-s option, which requires the 
server to use a reserved port. 


For security purposes, it is best to run NIS with the—s option. 


e Lock the ypbind daemon toa particular domain name and server 
list by using the -s option. 


Normally, hosts broadcast NIS requests on the network and the 
first available server answers the request. The-—s option allows 
you to lock the ypbind daemon to a particular domain and set of 
servers. Requests are made directly to the specified servers, rather 
than being broadcast. For security purposes, it is best torun NIS 
with the —s option. 


If you choose torun NIS with the-s option, you must know the host 
names and IP addresses of the servers to which you are locking the 
ypbind daemon to successfully complete the configuration process. 


Security Note 


When using the nissetup Script to set up an NIS 
server that is running with enhanced security, you must 
answer Yes to the question about locking the domain 
name and authorized servers (the ypbind —s option). 
For a slave server, the server is bound to itself by default 
and optionally to the master server and any other slave 
servers. 


¢ Run NlS with the-ypset option or the-ypsetme option. 
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The-ypset option allows a user logged in as root on any system 
in your domain to bind your system toa particular server. The 
—ypsetme option allows ypbind to accept -ypset requests only 
from the local system. For security purposes, it is best to disallow 
all ypset requests. 


Distribute Automount or AutoFS maps. 


The automount and autofsd daemons, which are alternatives to 
mounting remote file systems in the /etc/fstab file, allow users 
to mount remote file systems on an as-needed basis. When you use 
NIS to distribute the maps for these daemons, you can configure 
the slave server to receive the maps from the master server, 
distribute them to clients, and use them to mount remote file 
systems. For information on creating these maps, see Appendix B. 
For information on administering the maps, see Section 10.1.2. 


Whether or not you use Automount or AutoFS depends on your 
site’s networking environment. 


Master name 


The host name of the master server in your domain. 


IP address 


ThelIP address of the master server in your domain. 


Slave name 


The name of another slave server in your domain. Specify several 
servers. 


IP address 


TheIP address of a slave server in your domain. 


9.2.2.3 Client 


Setup options 


The list of setup options for clients is as follows. Write the options you 
want to use in the appropriate place in the worksheet. 


Run the ypbind daemon with the-s option, which requires the 
server to use a reserved port. 


For security purposes, it is best to run NIS with the—s option. 


Lock the ypbind daemon to a particular domain name and server 
list by using the -s option. 
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Normally, hosts broadcast NIS requests on the network and the 
first available server answers the request. The—s option allows 
you to lock the ypbind daemon to a particular domain and set 
of servers. Requests are made directly to the specified servers, 
rather than being broadcast. For security purposes, it is best run 
NIS with the-s option. 


If you choose torun NIS with the-s option, you must know the host 
names and IP addresses of the servers to which you are locking the 
ypbind daemon to successfully complete the configuration process. 


« RunNilS with the-ypset option or the -ypsetme option. 


The-ypset option allows a user logged in as root on any system 
in your domain to bind your system to a particular server. The 
—ypsetme option allows ypbind to accept -ypset requests only 
from the local system. For security purposes, it is best to disallow 
all ypset requests. 


e« UseAutomount or AutoFS and the associated maps. 


The automount and autofsd daemons, which are alternatives to 
mounting remote file systems in the /etc/fstab file, allow users 
to mount remote file systems on an as-needed basis. When you use 
NIS to distribute the maps for these daemons, you can configure 
clients to receive the maps from the NIS master and slave servers 
and use the maps to mount remote file systems. F or information 
on creating these maps, see Appendix B. For information on 
administering the maps, see Section 10.1.2. 


Whether or not you use Automount or AutoFS depends on your 
site’s networking environment. 
Server name 


The name of a master or slave server in your domain. Specify several 
servers. 


9.3 Configuring NIS 


Use the SysMan Menu application of the Common Desktop Environment 
(CDE) Application Manager to configure NIS on master servers, slave 
servers, and clients. To invoke the SysMan Menu application, follow the 
instructions in Section 1.1.1. 
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9.3.1 Configuring an NIS Master Server 


You must configure the NIS master server before you configure the other 
systems. Prior to using the SysMan Menu or the nissetup script, you must 
login as root and complete the following tasks: 


1. Copy into the /var/yp/src directory the local /etc files that you 
intend to make into NIS maps for distribution. If a fileis absent from 
the /var/yp/src directory while it is building the default NIS maps, 
the nissetup Script issues an informational message that it could not 
find that particular file and continues building the maps. 


Note 


If you copied the passwd fileinto the /var/yp/src directory, 
remove the root entry from the file. 


2. Optionally, create the /var/yp/src/mail.aliases file. If you already 
havea /var/adm/sendmail/aliases file on your local system, you 
can copy it tothe /var/yp/src directory and edit it, if necessary. For 
information on the format of this file, see aliases(4). 


3. Optionally, create the /var/yp/src/netgroup file. For information on 
the format of this file, see netgroup(4). 


4. Edit the /var/yp/Makefile file. 


If you are using the NIS master server to servethe /etc/auto.master 
and /etc/auto.home maps for Automount or AutoFS, you must 
remove the comment sign (# from the beginning of each of the 
following lines. These lines were added to the Makefile for use by the 
automount and autofsd daemons. 


all: passwd group hosts networks rpc services protocols netgroup \ 
aliases auto.home auto.master 


$ (YPDBDIR) /$ (DOM) /auto.home.time: $ (DIR) /auto.home 


-@if [ -f£ $(DIR)/auto.home J]; then \ 
$(SED) -e "/*#/da" -e s/#.*$$// $(DIR)/auto.home | \ 
$(MAKEDBM) -a $(METHOD) - $(YPDBDIR)/$(DOM) /auto.home; \ 


$ (TOUCH) $(YPDBDIR)/$(DOM) /auto.home.time; \ 
$(ECHO) "updated auto.home"; \ 
if [ ! $(NOPUSH) ]; then \ 
$(YPPUSH) auto.home; \ 
$(ECHO) "pushed auto.home"; \ 
else \ 
my 
fii -\; 
else \ 
$(ECHO) "couldn’t find $(DIR)/auto.home"; \ 
fi 
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$ (YPDBDIR) /$ (DOM) /auto.master.time: §$ (DIR) /auto.master 


-@if [ -f£ $(DIR)/auto.master ]; then \ 
$(SED) -e "/*#/d" -e s/#.*$$// $(DIR)/auto.master | \ 
$(MAKEDBM) -a $(METHOD) - $(YPDBDIR)/$(DOM)/auto.master; \ 


$ (TOUCH) $(YPDBDIR)/$(DOM)/auto.master.time; \ 
$(ECHO) "updated auto.master"; \ 
if [ ! $(NOPUSH) ]; then \ 
$(YPPUSH) auto.master; \ 
$(ECHO) "pushed auto.master"; \ 
else \ 


£i;\ 
else \ 

$(ECHO) "couldn’t find $(DIR)/auto.master"; \ 
fi 


auto.home: $(YPDBDIR) /$ (DOM) /auto.home.time 
auto.master: §$(YPDBDIR) /$ (DOM) /auto.master.time 


$ (DIR) /auto.home: 
$ (DIR) /auto.master: 


Place a comment sign (# in front of the following lines: 


all: passwd group hosts networks rpc services protocols netgroup \ 
aliases 


If you are using the NIS master server to serve other site-specific maps, 
you must add entries for the maps tothe Makefile. See Section 9.4.8.1 
for information on adding entries for site-specific NIS maps, other 
than the /etc/auto.master and /etc/auto.homemaps, to the 
/var/yp/Makefile file. 


5. Copy the auto.master and auto. home maps, or any other site-specific 
maps, to the /var/yp/src directory. For information on creating 
Automount or AutoFS maps, see Appendix B. For information on 
creating other site-specific maps, see the Section 9.4.8.1. 


To continue to set up the master server, invoke the SysMan Menu as 
documented in Section 1.1.1 and do the following: 


1. From the SysMan Menu, select Networking—>Additional Network 
Services—Configure Network Information Service (NIS). SysMan Menu 
invokes the nissetup Script. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman nis 


A message reminds you that your network must be established before 
setting up NIS, and that in order to set up an NIS server you must have 
the Additional Networking Services subset installed. 


2. Enter c tocontinue. 
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Press Return following the script’s explanation of nissetup, and then 
press Return again after the script explains the three types of systems 
in an NIS domain. 


Enter and confirm your system’s case-sensitive NIS domain name. 
Choose option 1 to indicate that you are configuring the master server. 


Following the nissetup script’s explanation that there can be only one 
master server configured for each NIS domain, enter c and indicate 
whether or not you want to run the yppasswdd daemon. It is best to 
run the yppasswdd daemon on the NIS master server. 


Indicate whether or not you intend to use enhanced security with NIS. 


Indicate whether or not you want your NIS maps to be maintained as 
btree files. 


Enter the names of hosts that will be slave servers for this domain. 
If you enter a host name that is not listed in the master server's 
/etc/hosts file, thenissetup script prompts you for its |P address. 


Enter the names of the SLAVE servers in the test_domain domain. 
Press Return to terminate the list. 


Host name of slave server: host2 
Host name of slave server: host3 
Cannot find host3 in the file /etc/hosts. 
To add host3 to the /etc/hosts file you MUST 
know host3’s Internet (IP) address. 


Would you like to add host3 to the /etc/hosts file 
(y/n) [yl? y 


What is host3’s Internet (IP) address [no default] ? 
120.105.1.28 


Is 120.105.1.28 correct (y/n) [no default] ? y 


Hostname of slave server: |Return 


The nissetup Script displays the list of servers that you entered. You 
can redo the list to correct errors or continue with the setup procedure. 


The nissetup script then creates the default NIS maps, displaying 
messages similar to the following as it does: 


Creating default NIS maps. Please wait... 
updated passwd 

updated group 

updated hosts 

updated networks 

updated rpc 

updated services 

updated protocols 

updated netgroup 

Finished creating default NIS maps. 
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10. 


11. 


12. 


13. 


14. 


Indicate whether or not you want to usethe-s security option. 


If you choose to run NIS with the-s option, the ypbind process runs 
in a secure mode. It is best to use this option. 


Indicate whether or not you want to usethe-s security option. 


It is best to use this option. If you choose to run NIS with the—s option, 
you must enter the names of up to four NIS servers. 


If you enter the name of a server that is not listed in the system’s 
/etc/hosts file, the nissetup script prompts you for its IP address. 
When you are done entering the list of servers, press Return on a blank 
Server n name field and enter c to continue configuring NIS on your 
system. 


Indicate whether or not you want to allow ypset requests on your 
system. 


It is best to disallow all ypset requests. Press Return to accept the 
default, and confirm your choice. 


Indicate whether or not you want your system to use all of the NIS 
databases served by the master server. 


It is best to use all of the NIS databases. 


If you choose to use all of the NIS databases, the nissetup Script edits 
the /etc/svc.conf file to include the string yp for each database. It 
also edits the /etc/passwd and /etc/group files to include a plus 
sign followed by a colon (+:) at the end of each file. This enables your 
system to use NIS for each database listed. This symbol enables the 
files to be distributed by NIS. Continue with step 16. 


If you choose not to use all of the NIS databases, enter n and continue 
with the next step. 


Indicate whether or not you want to add a plus sign followed by a colon 
(+:) tothe end of the local /etc/passwd and /etc/group files. 


For your system to use the NIS-served passwd database, group 
database, or both, +: must be the last linein the file or files you want 
served by NIS. This applies to the passwd and group databases only. 


Note 


The service order selection for the passwd and group 
databases is handled by the Security | ntegration Architecture 
(SIA). If BSD is selected for passwd and group information 
inthe /etc/sia/matrix.conf file, only the +: is required 
for your system to search NIS. 
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15. 


16. 


Indicate whether or not you want the nissetup script to invoke the 
svcsetup Script. 


If you answer yes, the nissetup Script invokes the svcsetup script, 
which allows you to modify the database services selection file (the 
svc.conf file). See Section 9.3.4 for information on modifying the 
svc.conf file. 


If you answer no, thenissetup script continues. You must edit the 
svc.conf file later if you want your system to use NIS to obtain 
database information other than passwd and group information. 


Indicate whether or not to start the NIS daemons automatically. 
If you answer yes, nissetup Starts the daemons. 


If you answer no, use the following command to start the daemons 
manually after nissetup exits and returns you to the system prompt 


(#): 


# /sbin/init.d/nis start 


9.3.2 Configuring a Slave Server 


To configure a slave server, invoke the SysMan Menu as documented in 
Section 1.1.1 and do the following: 


1. 


From the SysMan Menu, select Networking—Additional Network 
Services—Configure Network Information Service (NIS). SysMan Menu 
invokes the nissetup Script. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman nis 


A message reminds you that your network must be established before 
setting up NIS, and that in order to set up an NIS server you must 
have the Additional Networking Services subset installed. Enter c 
to continue. 


Press Return following the script’s explanation of nissetup, and then 
press Return again after the script explains the three types of systems 
in an NIS domain. 


Enter and confirm your system's case-sensitive NIS domain name. 
Choose option 2 to indicate that you are configuring a slave server. 


Enter c to continue following the nissetup Script’s explanation that 
the master server’s list must include each slave server, and that the 
master server must be established in order for maps to be copied to 
the slave server. 


Enter the name of the master server for your domain. 
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8. Indicate whether or not you intend to use enhanced security with NIS. 


9. Indicate whether or not you want your NIS maps to be maintained as 
btree files. 


After you indicate your choice, the script copies the default NIS maps 
from the master NIS server. 


10. Indicate whether or not you want to use the-s security option. 


If you choose to run NIS with the—s option, the ypbind process runs 
in a secure mode. It is best to use this option. 


11. Indicate whether or not you want to use the—s security option. 


It is best to use this option. If you choose to run NIS with the—s option, 
you must enter the names of up to four NIS servers. 


If you enter the name of a server that is not listed in the system’s 
/etc/hosts file, the nissetup script prompts you for its IP address. 
When you are done entering the list of servers, press Return on a blank 
Server n name field and enter c to continue configuring NIS on your 
system. 


12. Indicate whether or not you want to allow ypset requests on your 
system. 


It is best to disallow all ypset requests. Press Return to accept the 
default and confirm your choice. 


13. Indicate whether or not you want your system to use all of the NIS 
databases served by the master server. 


It is best to use all of the NIS databases. 


If you choose to use all of the NIS databases, the nissetup script edits 
the /etc/svc.conf file to include the string yp for each database. It 
also edits the /etc/passwd and /etc/group files to include a plus 
sign followed by a colon (+:) at the end of each file. This enables your 
system to use NIS for each database listed. This symbol enables the file 
to be distributed by NIS. Continue with step 16. 


If you choose not to use all of the NIS databases, enter n and continue 
with the next step. 


14. Indicate whether or not you want to add +: to the end of the local 
/etc/passwd and /etc/group files. 


For your system to use the N|S-served passwd database, group 
database, or both, +: must be the last linein the file or files you want 
NIS toserve. This applies to the passwd and group databases only. 
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15. 


16. 


Note 


The service order selection for the passwd and group 
databases is handled by the Security Integration Architecture 
(SIA). If BSD is selected for passwd and group information 
in the /etc/sia/matrix.conf file, the +: only is required 
for your system to search NIS. 


Indicate whether or not you want the nissetup script to invoke the 
svcsetup script. 


If you answer yes, the nissetup Script invokes the svcsetup script, 
which allows you to modify the database services selection file (the 
svc.conf file). See Section 9.3.4 for information on modifying the 
svc.conf file. 


If you answer no, thenissetup script continues. You must edit the 
svc.conf file later if you want your system to use NIS to obtain 
database information other than passwd and group information. 


Indicate whether or not to start the NIS daemons automatically. 
If you answer yes, nissetup Starts the daemons. 


If you answer no, use the following command to start the daemons 
manually after nissetup exits and returns you to the system prompt 


(#): 


# /sbin/init.d/nis start 


9.3.3 Configuring an NIS Client 


To configure an NIS client, invoke the SysMan Menu as documented in 
Section 1.1.1 and do the following: 


1. 


From the SysMan Menu, select Networking—Additional Network 
Services—Configure Network Information Service (NIS). SysMan Menu 
invokes the nissetup Script. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman nis 


A message reminds you that your network must be established before 
setting up NIS, and that in order to set up an NIS server you must 
have the Additional Networking Services subset installed. Enter c 

to continue. 


Press Return following the script’s explanation of nissetup, and then 
press Return again after the script explains the three types of systems 
in an NIS domain. 


Enter and confirm your system's case-sensitive NIS domain name. 
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5. Press Return to accept the default that you are configuring a client. 


Enter c to continue following the nissetup script’s warning that at 
least one server must be configured for this domain. 


7. Indicate whether or not you want to use the-s security option. 


If you choose to run NIS with the—s option, the ypbind process runs 
in a secure mode. It is best to use this option. 


8. Indicate whether or not you want to usethe-s security option. 


It is best to use this option. If you choose to run NIS with the—s option, 
you must enter the names of up to four NIS servers. 


If you enter the name of a server that is not listed in the system’s 
/etc/hosts file, the nissetup script prompts you for its IP address. 
When you are done entering the list of servers, press Return on a blank 
Server n name field and enter c to continue configuring NIS on your 
system. 


9. Indicate whether or not you want to allow ypset requests on your 
system. 


It is best to disallow all ypset requests. Press Return to accept the 
default, and confirm your choice. 


10. Indicate whether or not you want your system to use all of the NIS 
databases served by the master server. 


It is best to use all of the NIS databases. 


If you choose to use all of the NIS databases, the nissetup Script edits 
the /etc/svc.conf file to include the string yp for each database. It 
also edits the /etc/passwd and /etc/group files to include a plus 
sign followed by a colon (+:) at the end of each file. This enables your 
system to use NIS for each database listed. This symbol enables the file 
to be distributed by NIS. Continue with step 13. 


If you choose not to use all of the NIS databases, enter n and continue 
with the next step. 


11. Indicate whether or not you want to add +: to the end of the local 
/etc/passwd and /etc/group files. 


For your system to use the NIS served passwd database, group 
database, or both, +: must be the last linein the file or files you want 
served by NIS. This applies to the passwd and group databases only. 


Note 


The service order selection for the passwd and group 
databases is handled by the Security | ntegration Architecture 
(SIA). |f BSD is selected for password and group information 
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inthe /etc/sia/matrix.conf file, only the +: is required 
for your system to search NIS. 


12. Indicate whether or not you want the nissetup Script to invoke the 
svcsetup script. 


If you answer yes, the nissetup Script invokes the svcsetup script, 
which allows you to modify the database services selection file (the 
svc.conf file). See Section 9.3.4 for information on modifying the 
svc.conf file. 


If you answer no, thenissetup script continues. You must edit the 
svc.conf file later if you want your system to use NIS to distribute 
database information other than password and group information. 


13. Indicate whether or not to start the NIS daemons automatically. 
If you answer yes, nissetup Starts the daemons. 


If you answer no, use the following command to start the daemon 
manually after nissetup exits and returns you to the system prompt 


(#): 


# /sbin/init.d/nis start 


9.3.4 Modifying the svc.conf File with svcsetup 


If you choose not touseNIS for all of the default databases, you can edit the 
/etc/svc.conf file with the svcsetup script. If you answer yes when 
nissetup asks if you want torun svcsetup, it invokes the svcsetup 
script. Usethe following procedure to edit the /etc/svc.conf file: 


Press Return to choose the m option from the Configuration Menu. 


Enter the numbers from the Change Menu that correspond to the 
databases whose entries you want to modify. 


3. Enter the number that corresponds to the order in which you want to 
query the services on your system. 


If you choose the default (2), the local /etc files are searched first for 
the requested information. If the information is not found locally, then 
an NIS server are queried. This choice is valid for all of the databases 
that NIS serves. 


To have NIS serve hosts information if your system is also 

having hosts information served by DNS, choose either option 

5 (local, bind, yp) or option 6 (bind, local, yp) for the hosts 
database. Note that options 3 (local, bind), 4 (bind, local), 5, and 6 
are valid for the hosts database only. 
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9.3.5 Modifying or Removing an NIS Configuration 


If you configure NIS and run thenissetup script, you can modify or remove 
the NIS configuration. 


If you choose to modify the NIS configuration, the nissetup script 
proceeds as described in Section 9.3.1 to Section 9.3.3, resulting in a new 
configuration. 


If you choose to remove the NIS configuration, the nissetup script prompts 
you to verify your choice, then removes the NIS information from the 
following files: 


e /etc/re.config.common 
¢ /etc/passwd 

¢ /etc/group 

e /etc/sve.conft 


¢ /var/yp/DOMAIN (where DOMAIN is the name of the current NIS 
domain) 


This directory and its contents are deleted (for NIS master and slave 
servers only). 


9.4 Managing an NIS Server 


This section describes how to perform the following NIS server tasks: 
e Add anNlsS slave server toa domain 

« Remove an NIS slave server from a domain 

e« Add auser toan NIS domain 

¢ Update an NIS map 

« Add anNiS map toa domain 

« Remove an NIS map from a domain 

« Modify the /var/yp/Makefile file 

e Restrict access to NIS data 


9.4.1 Adding an NIS Slave Server to a Domain 


Adding a slave server toa domain enables the slave server to receive updated 
NIS maps from the master server and serve them to NIS clients in a domain. 


To add an NIS slave server to a domain, do the following: 


1. Setup the system as a slave server. See Section 9.3.2 for information on 
setting up a Slave server. 
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Login tothe NIS master server as root. 

Change tothe /var/yp directory by using the cd command. 

Undo the ypservers map and direct the output to a file by using the 
following command: 

# makedbm -—u domainname/ypservers > filename 

Edit the file and add the host name of the slave server. 

Build anew ypservers map by using the makedbm command as follows: 


# makedbm filename ypservers 


You can combine steps 4, 5, and 6 into one command line. See the 
example at the end of this procedure. 


Move the ypservers.dir and ypservers.pag map files to the 
domain subdirectory. 


Distribute the updated ypservers map tothe slave servers by using 
the yppush command. 


Edit the NIS master server’s master hosts file and add an entry for the 
slave server, if it is not already in the hosts file. Then update the map 
by entering the make command. The make command also distributes 
the updated map. 


See makedbm(8) for more information on building maps. 


The following example (illustrating steps 3 through 9) shows how to add 
slave server host 8 to domain market: 


# cd /var/yp 


# /var/yp/makedbm —u market/ypservers ; echo host8\ /1 
|/var/yp/makedbm - tmpmap 
mv tmpmap.dir market/ypservers.dir |2 
mv tmpmap.pag market/ypservers.pag 

yppush ypservers |3 
vi /var/yp/srce/hosts |4 


# 
# 
# 
# 


make hosts [5 


Represents the combination of steps 4, 5, and 6 in the preceding 
procedure. The output from the makedbm command with the —u option 
is displayed and the new server name, host8, iS echoed on standard 
output to add it to the file. Then, the output is piped back into the 
makedbm command to build a new map named tmpmap. 
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Note 


You can type these lines as one command even if the 
command wraps on your screen, or you can use the backslash 
escape character (\ ), as shown. 


2} Moves the tmpmap.dir and tmpmap.pag map files to the domain 
market subdirectory and renames them as ypservers map files. 


3] Distributes the updated map to the slave servers. 
4) Adds a new host to the hosts NIS map on the master server. 
5] Updates the map and distributes the updated map to the slave servers. 


Section C.1 contains a sample script you can copy that performs the steps 
involved in adding a slave server to a domain. You still have to set up the 
slave server and edit the master server’s hosts file, adding a slave server 
entry, if necessary. 


9.4.2 Removing an NIS Slave Server from the Domain 


Removing a slave server from a domain means that the system will no 
longer receives updated NIS maps from the master server and serve them 
to NIS clients in a domain. 


To remove an NIS slave server from the domain, do the following: 


1. LogintotheNlsS slave server. 


If the system will bean NIS client, configureit as an NIS client by using 
nissetup. See Section 9.3.3 for more information. 


If the system will nolonger use NIS, turn off the NIS configuration flag 
inthe /etc/re.config. common file by using the following command: 


# /usr/sbin/remgr —c set NIS_ CONF NO 
Login tothe NIS master server as root. 
Change tothe /var/yp directory by using the cd command. 


Undo the ypservers map and direct the output to a file by using the 
following command: 


# makedbm -u ypservers > filename 
5. Edit the file and remove the host name of the slave server. 
Build a new map by using the makedbm command as follows: 


# makedbm filename ypservers 


You can combine steps 4, 5, and 6 into one command line. See the 
example following this procedure. 
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7. Movethe ypservers.dir and ypservers.pag map files to the 
domain subdirectory. 


8. Distribute the updated ypservers map tothe slave servers by using 
the yppush command. 


See makedbm(8) for more information on building maps. 


The following example (illustrating steps 4 through 8) shows how to remove 
slave server host 4 from domain market: 


# cd /var/yp 
# /var/yp/makedbm -u market/ypservers |\ [1 
grep -v host4 | /var/yp/makedbm - tmpmap 
# mv tmpmap.dir market/ypservers.dir [2 
# mv tmpmap.pag market/ypservers.pag 

# yppush ypservers |3 


1] Represents the combination of steps 4, 5, and 6 in the preceding 
procedure. The output from the makedbm command with the —u option 
is piped into grep with the —v option to display all lines except the one 
containing the slave server name (host4). Then, the output is piped 
back into the makedbm command to build a new map named tmpmap. 


Note 


You can type these lines as one command even if the 
command wraps on your screen, or you can use the backslash 
escape character (\ ), as shown. 


2} Moves the tmpmap.pag and tmpmap.dir map files to the domain 
market subdirectory and renames them as ypservers map files. 


3] Distributes the updated map to the slave servers. 


Section C.2 contains a sample script you can copy that performs the steps 
involved in removing a slave server from a domain. You still have to 
reconfigure the slave server as an NIS client or as a system that does not 
use NIS. 


9.4.3 Adding a New User to an NIS Domain 


Adding a new user to an NIS domain adds the user’s account information to 
the passwd map and allows the user to participate in the NIS environment. 
A user has only one password on all systems that use NIS for their passwd 

map. 
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To add a new user toan NIS domain, invoke the SysMan Menu on the NIS 
master server, as documented in Section 1.1.1, and do the following: 


1. 


11. 
12. 


From the SysMan Menu, select Accounts—M anage NIS Users to display 
the Manage NIS Users dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman nis_users 

Select Add to display the Add a User dialog box. 

Enter the user name, user |D, and password for the new user. 
Select a primary group for the user: 


a. Select Choose to open the Primary Group dialog box. 

b. Select one group from the list of groups. Then, select OK to close 
the Primary Group dialog box. 

Enter a secondary group for the user, if necessary. 

Select a shell for the user. 


a. Select Choose to open the Shells dialog box. 


b. Select a shell from the pull-down menu. Then, select OK to close 
the Primary Group dialog box. 


Deselect the Create Home Directory check box if you do not want the 
system to create a home directory for the user. By default, the system 
creates a directory for the user in the /usr/users directory. 


If you choose to allow the system to create the user’s home directory, 
you can specify an alternate location for the directory in the Home 
Directory field. 


Enter comments for the account, if necessary. For example, at a college, 
you could use this field to indicate that a new account is temporary for 
a visiting professor. 


Deselect the Lock Account check box to unlock the account. Unlocking 
the account gives the user permission to login and use the account. 


. Select OK to create the user’s account. You are informed that the 


account has been created. Select OK to dismiss the confirmation 
message and to close the Add a User dialog box. 


Select Exit to close the Manage NIS Users dialog box. 


Create the user’s home directory if you did not allow the utility to 
create it for you. Then, set up the user’s environment. See the Systen 
Administration guide for more information. 
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You can also modify and delete NIS users with the SysMan Menu. See the 
online help for more information. 


If you prefer, you can use the dxaccounts or useradd utilities to administer 
NIS users. See the online help and useradd(8) for more information. 


9.4.4 Adding a New Group to an NIS Domain 


Adding a group toan NIS domain adds the group and all of its registered 
users to the group map. To add a new group to an NIS domain, invoke the 
SysMan Menu on the NIS master server, as documented in Section 1.1.1, 
and do the following: 


1. Fromthe SysMan Menu, select Accounts—M anage NIS Groups to 
display the Manage NIS Groups dialog box. 

Alternatively, enter the following command on a command line: 

# /usr/bin/sysman nis groups 

Select Add to display the Add a Group dialog box. 

Enter the group name and group |D for the new group. 

Select one or more users who will bein the group from the M embers list. 


uk WN 


Select OK tocreate the group. You are informed that the group has been 
created. Select OK to dismiss the confirmation message and to close the 
Add a Group dialog box. 


6. Select Exit to close the Manage NIS Groups dialog box. 


You can also modify and delete NIS groups with the SysMan Menu. See 
the online help for more information. 


If you prefer, you can use the dxaccounts or groupadd utilities to 
administer NIS groups. See the online help and groupadd(8) for more 
information. 


9.4.5 Updating an NIS Map 


Updating an NIS map involves making changes to an NIS map’s master 
file, updating the Makefile file (if the map is not listed), and building 
and distributing the new map. Entries for the following standard maps 
are included in the Makefile file 


* passwd 
* group 
¢ hosts 


* networks 
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rpc 
services 
protocols 
netgroup 


aliases (mail.aliases) 


The master files are located in /var/yp/srce on the NIS master server. 


To update an NIS map, do the following: 


Login tothe NIS master server as root. 
Change tothe /var/yp directory by using the cd command. 


Modify the Makefile file, if no entry exists in the /var/yp/Makefile 
file for the map you want to update. 


See Section 9.4.8 for information on modifying the Makefile file. 
Change to the /var/yp/src directory by using the cd command. 


Edit the master file of the map you want to update and make your 
changes. 


Change to the /var/yp directory by using the cd command. 
Update and distribute the map by using the make command as follows: 


# make map name 


The following example (illustrating steps 4 through 7) shows how to update 
the hosts map: 


# cd var/yp/sre 
# vi hosts 2 


# cd /var/yp 
# make hosts 


1 


mB) [| | 


_— 


R/O 


Changes to the /var/yp/src directory. 

Opens the /var/yp/src/hosts file for editing. 
Changes tothe /var/yp directory. 

Updates the map and distributes it to the slave servers. 


9.4.6 Adding an NIS Map to a Domain 


Adding an NIS map to a domain allows the database information to be 
distributed throughout an NIS domain. You can create and distribute maps 
for any information you want to distribute. 
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To add an NIS map to a domain, do the following: 


Login tothe NIS master server as root. 
Create a master file for your new map. 


A master file is an ASCII text file containing individual entries. Each 
entry has fields separated by spaces. Some of these fields are used 

to build a key to each entry. Review some of the master files in the 
/var/yp/src directory to better understand the structure of a master 
file. 


If you are using NIS to distribute NFS Automount or AutoFS maps, 
create a file named auto.master inthe /var/yp/src directory. If the 
file exists, add an entry for the map you want to distribute. 


See Section 10.1.2 and Appendix B for more information on the 
auto.master map. 


Edit /var/yp/Makefile file to include the new map in the default 
set of maps. 


See Section 9.4.8 for information on modifying the Makefile file. 
Change tothe /var/yp directory by using the cd command. 
Update the map by using the make command as follows: 


# make map name 


The following example adds the phonelist map toa domain: 


# vi /var/yp/sre/phonelist |1 
# vi /var/yp/Makefile [2 


# cd /var/yp [3 
# make phonelist |4 


1 


B&B) [| | 


Creates a phonelist master file on the master server. 

Opens the Makefile file for editing. 

Changes tothe /var/yp directory. 

Updates the map and distributes the updated map to the slave servers. 


9.4.7 Removing an NIS Map from a Domain 


Removing an NIS map froma domain prevents the database information 
from being distributed throughout an NIS domain. 


To remove an NIS map from a domain, do the following: 


1. 


Login tothe NIS master server as root. 
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If you are using NIS todistribute NFS Automount or AutoFS maps, 
delete the entry for the map you no longer want distributed from the 
auto.master filein the /var/yp/src directory. 


See Section 10.1.2 and Appendix B for more information on the 
auto.master map. 


Edit the /var/yp/Makefile file to remove the map from the default 
set of maps. 


See Section 9.4.8 for information on modifying the Makefile file. 


9.4.8 Modifying the /var/yp/Makefile File 


Modifying the Makefile file means adding or deleting database entries in 
the /var/yp/Makefile fileon the NIS master server. By adding a database 
entry tothe Makefile file, you indicate that you want a map produced 

for the specific database when you use the make command. By deleting a 
database entry, you indicate that you do not want a map produced for the 
specific database. 


As you edit the /var/yp/Makefile file, remember the following: 


The order of entries in the line that begins with a11: is not important. 


However, in continuation lines, the blank space preceding the line must 
be a tab character; do not use spaces. 


Variables are defined at the top of the Makefile file. 


9.4.8.1 Adding an Entry 


To add an entry to the Makefile file, do the following: 


1. 
2. 


Login tothe NIS master server as root. 


Edit the /var/yp/Makefile file and add the database name to the line 
beginning with al1:. Next, add a line with the following format to 
the end of the file: 


database_name:database_name.time 


Finally, add an entry with the following format to the middle of the file: 


database _name.time: various_commands 


To simplify the creation of this entry, copy the auto.home.time: entry 
in the file and make the necessary database name changes. 


If you are using NIS to distribute NFS Automount or AutoFS maps, 
uncomment any line that contains the auto.master string by deleting 
the comment character (# that precedes it. 
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The following example shows the phonelist database added to the 
/var/yp/Makefile file. Thereis a tab character preceding the netgroup 
database name inthe all: line. 


all: passwd group hosts networks rpc services protocols \ 
netgroup aliases phonelist 


$(YPDBDIR) /$ (DOM) /phonelist.time: $(DIR)/phonelist 


-@if [-f $(DIR)/phonelist ]; then \ 
$(SED) -e "/*#/d" -e s/#.*$$// $(DIR)/phonelist | \ 
$(MAKEDBM) -a $(METHOD) - $(YPDBDIR)/$(DOM)/phonelist; \ 


$ (TOUCH) $(YPDBDIR) /$(DOM) /phonelist.time; \ 
$ (ECHO) "updated phonelist"; \ 
if [ ! S(NOPUSH) ]; then \ 

$(YPPUSH) phonelist; \ 

$ (ECHO) "pushed phonelist"; \ 


else \ 
PX 
fi \ 
else \ 
$(ECHO) "couldn't find $(DIR)/phonelist"; \ 
gat 


phonelist: phonelist.time 


9.4.8.2 Deleting an Entry 
To delete an entry from the Makefile file, do the following: 


Log in to the NIS master server as root. 


Edit the /var/yp/Makefile file, delete the database name from 
the line beginning with al1:, and delete the line beginning with the 
database name (database_name: ). 


Instead of deleting the database line, you could comment out the line by 
adding a comment character (# to the beginning of the line. 


9.4.9 Restricting Access to NIS Data 


By default, the ypserv and ypxfrd daemons provide NIS information 

to anyone with network access to an NIS server who makes a request. 
However, you can restrict NIS database access to only those hosts in subnets 
you specify by completing the following steps: 

1. Login tothe NIS server as root. 

2. Createa /var/yp/securenets file. 
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3. Edit the /var/yp/securenets file and add an entry for each subnet 
from which the NIS server is to accept NIS requests. The format of 
each file entry is as follows: 


subnet_mask subnet_ip address 


For example: 


255.255.0.0 128.30.0.0 1 
255.255.255.0 128.211.10.0 2 
255.255.255.255 128.211.5.6 3 


1 Allows IP addresses that are within the subnet 128.30 rangeto 
access the NIS files. The network mask is 255.255.0.0 andthe 
corresponding network address is 128.30.0.0. 


2 Allows |P addresses that are within the subnet 128.211.10 range 
to access the NIS files. 

3 Allows one host with the IP address 128.211.5.6 toaccess the 
NIS files. 


4. Save the file. 


If the file does not exist or contains no entries, the server accepts any NIS 
request. 


If the file exists and contains entries, the ypserv and ypxfrd daemons read 
the /var/yp/securenets file during initialization. When an NIS request 
is received, the requester’s IP address is compared to the subnets in the 
/var/yp/securenets file. If it matches, the request is processed. If it does 
not match, NIS silently discards the request. No message is logged (because 
malicious users could use these messages to fill up a system's disk). 


On the system making the NIS request, NIS commands such as ypcat 
terminate with no error message. If a user is trying tologin toa system, the 
login times out after many retries. 


Note 


If the /var/yp/securenets file is modified, you must kill and 
restart the ypserv and ypxfrd daemons. 


You can also use a /var/yp/securenets file torestrict access to NIS data 
on a slave server. However, the NIS slave server’s IP address must be 

in the authorization range of entries in the /var/yp/securenets file of 
the NIS master. 
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9.5 Managing an NIS Client 


This section describes how to perform the following NIS client management 
tasks: 
« Change an NIS password 


¢ Obtain NIS map information 


9.5.1 Changing an NIS Password 


To change a user’s password in the NIS passwd map, use the yppasswd 
command. If you receive an error message, ask the system administrator 
on the master server to verify that the rpc. yppasswdd daemon on the 
NIS master server is running. 


If you try to change an NIS-distributed password with the passwd command, 
you receive the following error message: 


Not in passwd file. 


The root password is local and not in the NIS file. To change the root 
password, use the passwd command. 


See yppasswd(1) and rpc. yppasswdd(8) for further information. 


9.5.2 Obtaining NIS Map Information 


NIS map information includes the following: 
* Map names 

¢« Map values 

« Map keys 

¢ Map master server 


To obtain NIS map information, issue one of the commands listed in 
Table 9-1. 


Table 9-1: NIS Map Information Commands 


Command Action 
ypcat Prints values from an NIS database 
ypwhich Prints the name of the host that is the current NIS 


server or map master 


ypmatch Prints the values of one or more keys from an NIS map 


Use the —x option with any of the commands shown in Table 9-1 to list all 
the map nicknames. 
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See ypcat(1), ypwhich(1), and ypmatch(1) for more information about these 
commands. 


The following command lists all available maps and their master servers: 
# ypwhich -m 

The following command lists all values in the hosts map: 

# ypcat hosts 


The following command lists all occurrences in the hosts map that have 
the key apple: 


# ypmatch apple hosts 


The following command lists all occurrences in the hosts map that have the 
name jones associated with them. The name jones is not a key in this map. 


# ypcat hosts | grep jones 
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10 


Network File System 


The Network File System (NFS) is a facility for sharing files in a 
heterogeneous environment. This chapter describes: 


¢ TheNFS environment 
¢ How toconfigure your system for NFS 
« How to manage NFS servers and clients 


For introductory information on NFS, seenfs_intro(7). For troubleshooting 
information, see Section 15.12 for clients and Section 15.11 for servers. 


10.1 NFS Environment 


10.1.1 


In the NFS environment, systems can have the following roles: 


« Client — A system that imports file systems. A client can mount file 
systems by using either the /etc/fstab file or an automatic mounting 
daemon, such as the automount or autofsd daemons. All methods are 
explained in this chapter. 


e« Server — A system that exports file systems. 


Your system can be set up as an NFS server, a WebNFS server, an NFS 
client, or all three. 


Distributing the hosts Database 


If your network is running the Network Information Service (NIS) or the 
Domain Name System (DNS) to distribute host information, you do not 
need to list each server that is referenced in a client’s /etc/fstab filein 
the client’s local /etc/hosts file. However, the server’s host information 
must bein the NIS or DNS database. 


Similarly, if your network is running NIS or DNS to distribute host 
information and the client information is listed in the hosts database, you 
do not have to list each client that is referenced in a server’s /etc/exports 
file in the server's local /etc/hosts file. 
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10.1.2 Automatic Mounting Daemons 


The automount and autofsd daemons offer alternatives to mounting 
remote file systems with the /etc/fstab file, allowing you to mount them 
on an as-needed basis. 


When a user on a system running one of these daemons invokes a command 
that must access a remotely mounted file or directory, the daemon mounts 
that file system or directory and keeps it mounted for as long as the user 
needs it. When a specified amount of time elapses (the default is 5 minutes) 
without the file system or directory being accessed, the daemon unmounts it. 


You specify the file systems to be mounted in map files. These maps may be 
customized to suit your environment and administered in the following ways: 


e UseNlS tocreate and distribute the maps 
e« Administer the maps locally 
e Usea combination of both methods 


See Appendix B for information on creating these maps. Note that with a few 
restrictions, as documented in the Restrictions section of autofsmount(8), 
Automount and AutoFS maps can be used interchangeably. 


10.1.2.1 Serving Automount and AutoFS Maps with NIS 


NIS allows you to create and distribute customized Automount and AutoFS 
maps. When NIS is used to distribute maps, the administrator of the NIS 
master server creates and administers the maps for the NIS domain. In this 
case, you must configure each system that uses Automount or AutoFS as an 
NIS client so that it can receive the maps. 


If many clients in an environment remotely mount the same file system by 
specifying it in their /etc/fstab file, that file system is a good candidate 
for inclusion in a map distributed by NIS. Carefully constructed maps can 
allow client systems to eliminate a large part of their /etc/fstab files. If 
the location of a file system that is included in a distributed map changes, or 
its server changes, the administrator changes the map on the NIS master 
server. The change is then propagated throughout the domain without users 
on the client systems having to edit their /etc/fstab files. 


See Section 9.3.1 for information on configuring a master NIS server to 
serve maps. 


10.1.2.2 Local Automount and AutoFS Maps 


Local Automount and AutoFS maps might be useful to you under the 
following circumstances: 
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10.1.2.3 


¢ Your system mounts remote file systems that are not typically mounted 
by other NIS clients. 


e Your network is not running NIS. 
e« You need to test a map. 


Administering the automount or autofsd daemons locally is the same as 
administering them when NIS distributes the maps, except that you, as 
administrator of your system, create and manage the maps. 


A local auto.master map serves the same function as one distributed 

in an NIS domain. If you specify a local auto.master map, the daemon 
consults it for the location of other maps, their local mount points, and the 
mount options. You can use an auto.master map that is distributed by 
NIS, alocal auto.master map, both, or neither, if the selected daemon 
is invoked correctly. 


WebNFS 


WebNFS is an NFS protocol that allows clients to access files over the 
Internet in the same way that local files are accessed. WebNFS uses a public 
file handle that allows it towork across a firewall. This public file handle also 
reduces the amount of time required to initialize a connection. The public file 
handle is associated with a single directory (public) on the WebNFS server. 
See exports(4), exportfs(2), andnfs_intro(4) for further information. 


10.2 Planning NFS 


Figure 10-1 shows the NFS Setup Worksheet, which you can use to record 
the information required to configure NFS. If you are viewing this manual 
online, you can use the print feature to print a copy of this worksheet. 
The following sections explain the information you need to record on the 
worksheet. 
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Figure 10-1: NFS Setup Worksheet 


NFS Setup Worksheet 
Ex Number of nfsd threads: TCP: ——— Ss UDP: —____ 


Property lists: Yes [_] No 
NFS locking: Yes [_] No 


PC-NFS daemon: Yes [_] No 
Allow nonroot mounts: Yes [_] No 
Address verification: LJ Yes LJ] No 
Exported directories: Network group/ 
Path name: Permissions: Node name: 


| Client | Number of I/O threads: 


NFS locking: [_] Yes [-] No 
Automatic mounting daemon: [_] Automount [_]AutoFS [_] None 


Imported directories: 
Path name: Remote server name: Local mount point: RO: 


10.2.1 Server 
Number of nfsd threads 


Enter the number of nfsd TCP and UDP server threads to run. These 
threads service requests from NFS clients. The default number of 8 

is adequate for an average work load. You can configure a combined 
total of Oto 128 TCP and UDP server threads. 


On systems that support Cache Coherent NUMA, the number of 
threads is per Resource Affinity Domain (RAD). See nfsd(8) and 
numa_intro(3) for more information. 
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Property lists 
If you want torun the property list daemon, check Yes; otherwise, check 
No. The property list daemon allows the server to handle requests 
to get, set, or delete the property lists associated with NF S-served 
file system objects. See proplistd(8) and proplist(4) for more 
information. 


NFS locking 


If you want to run the NFS lock manager (rpc. 1ockd) and status 
monitor (rpc.statd), check Yes. Running these daemons allows 
users to use fent1(2) and lock £(3) to lock file regions on NFS files (in 
addition to local files). 1f you do not run these daemons, users can use 
advisory locking primitives only on local files. 


PC-NFS daemon 


If you want to run the PC-NFS daemon (rpc. penfsd), check Yes; 
otherwise, check No. The PC-NFS daemon allows the server to handle 
NFS requests from PCs. 


Allow nonroot mounts 


If you allow nonroot mounts, users on client systems who do not 
have root privileges can still mount the file systems or directories 
exported from this system. If you do not allow nonroot mounts, only 
the superusers on the client systems can mount file systems from this 
host. The default setting does not allow nonroot mounts. 


Address Verification 


If you want the server to verify the Internet address of any host that 

requests an exported directory, check Yes; otherwise, check No. If you 
choose Yes and you also want to verify that the host is in the server’s 
domain or subdomain, check Domain Checking, Subdomain Checking, 
or both. 


10.2.1.1 Exported Directories 


Use the following fields to define file systems that your server will export 
to dient systems: 
Path name 


The path name of the file systems or directories that you intend to 
export. 
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Permissions 


The permissions to assign for each exported file system or directory. 
You can specify whether a file system or directory is exported with 
read-write (rw) or read-only (ro) permission, and you can map client 
superuser access to a root user |D (UID) number other than the default 
of —2. If you have a WebNFS server with the -public option set, the 
mount access list is ignored by the server so that all hosts using the 
WebNFS protocol have access to this directory. For more information 
on assigning permissions to exported file systems or directories and on 
specifically mapping the root UID for clients, see export s(4). 


Network group/Node name 


The network groups or individual host names to which you will export 
these file systems or directories. If you want to limit the hosts that 
can import a file system or directory, you must explicitly specify the 
individual hosts or network groups in the /etc/exports file. If you 
do not specify individual hosts or network groups, all hosts can import 
that file system or directory. For information on defining network 
groups, see netgroup(4). 


10.2.2 Client 
Number of I/O threads 


The number of I/O threads to run. The default number of 7 is 
recommended for optimum load generation on servers. You can 
configure from 0 to 64 nfsiod threads. 


In addition, you can start nfsiod threads from the command line. 
See nfsiod(8) for information on starting nfsiod threads from the 
command line. 


NFS locking 


If you want to run the NFS lock manager (rpc .1lockd) and status 
monitor (rpc.statd), check Yes. Running these daemons allows 
users to use fent1(2) and lock £(3) to lock file regions on NFS files (in 
addition to local files). 1f you do not run these daemons, users can use 
advisory locking primitives only on local files. 


Automatic mounting daemon 


If the client is to run an automatic mounting daemon, such as 
Automount or AutoFS, check the box for one of these daemons; 
otherwise, check None. 
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10.2.2.1 


You can select only one automatic mounting daemon. While AutoF S 
provides higher efficiency and availability than Automount, there 
are some restrictions for its use. See the Restrictions sections of 
autofsd(8) and autofsmount(8) for more information. 


If the network is running the NIS, the Automount or AutoF S maps 
are better administered and served from the NIS master server. The 
format of the maps is the same whether they are local or served by the 
NIS master server. For information on creating maps, see Appendix B. 


Imported Directories 


Use the following fields to define the remote file systems that your client 
will import: 


Path name 


The complete pathnames of the file systems or directories that you 
want to import. 


Remote server name 


The host names of the servers from which you are importing file 
systems or directories. 


Local mount point 


The mount point on the local system where you want the imported file 
systems or directories to reside. 


RO (Read-only) 


The permissions for the imported file systems or directories. Check the 
box for a read-only mount. Leave the box unchecked for a read-write 
mount. 


Note 


If you mount your user area from a server, make sure that 
your UID on the client is the same as your UID on the 
server. NFS uses your client UID to check against file 
access permissions on the server. If your UID is different 
on the client and server, you cannot modify your own NFS 
mounted files (assuming that you have the permissions on 
the mounted files set so that only you can modify them). 
Since the server does the access checking, the only UID 
allowed to modify the files is the one that the server knows. 
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10.3 Configuring NFS 


Use the SysMan Menu application of the Common Desktop Environment 
(CDE) Application Manager to configure NFS on clients and servers. To 
invokethe SysMan Menu application, follow the instructions in Section 1.1.1. 


10.3.1 Configuring an NFS Server 


To configure an NFS server, complete the following steps. If you want 
your system to import file systems, see Section 10.3.2 for information on 
configuring an NFS client. 


1. 


From the SysMan Menu, select Networking—Additional Network 
ServicesNetwork File System (NF S)—>Configure system as an NFS 
server to display the Configure NFS Server dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman nfs_ server 


Enter the number of server TCP threads to be run in the appropriate 
field. 


Enter the number of server UDP threads to be run in the appropriate 
field. 


Select the Enable Property List Daemon check box if you want to run 
the property list daemon (proplistd). 


Deselect the Enable Locking check box if you do not want to run the 
NFS lock manager (rpc. 1lockd) and status monitor (rpc. statd) 
daemons. Locking is enabled by default. 


Select the Enable PC-NFS Daemon check button if you want to run 
the rpc.pcnfsd daemon. 


If you run the PC-NFS daemon, you must export to the client the 
directories you want to mount on the PC client. To enable the client 
to utilize network printing, you must export the /usr/spool/penfs 
directory tothe PC dient. For information on exporting directories, 
see Section 10.5.2. 


Select the Allow Nonroot Mounts check box if you want to allow users 
other than root to mount file systems. 


Deselect the Internet Address Verification check box if you do not want 
the mountd daemon to verify the IP address of each host requesting a 
mount or unmount. Internet Address Verification is enabled by default. 


Select the Internet Address Verification & Domain Checking check box 
to have the mountd daemon verify that the host requesting a mount or 
unmount is in the server’s domain. 
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10. 


11. 


12. 


13. 


Select the Internet Address Verification & Subdomain Checking check 
box to have the mountd daemon verify that the host requesting a mount 
or unmount is in the server’s subdomain. 


Specify the directories you want to export by following steps 2 through 
7 in Section 10.5.2. 


Select OK to validate your changes. The utility prompts you to start 
the NFS daemons. 


Select Yes to save your configuration, start the daemons, and apply the 
changes immediately; or select No to save your configuration, close 
the Configure NFS Server dialog box, and apply the changes the next 
time you reboot your system. 


If you choose Yes, you are informed that the NFS daemons have been 
started. Select OK to dismiss the message and to close the Configure 
NFS Server dialog box. 


You can also modify or deconfigure your server configuration after the initial 
setup. See the online help and Section 10.4 for more information. 


10.3.2 Configuring an NFS Client 


To configure an NFS client, do the following: 


1. 


From the SysMan Menu, select Networking—Additional Network 
Services>Network File System (NF S)—-Configure system as an NFS 
client. The Configure NFS Client dialog box is displayed. 


Alternatively, enter the following command on a command line: 


# /usr/bin/sysman nfs_ client 
Enter the number of client |/O threads to berun in the appropriate field. 


Select the Enable Locking check box to specify locking configuration if 
the status of the lockd daemon is Stopped. If the status of the daemon 
is Running, locking is already set. 


Select the Enable Automount Daemon check box to configure the 
automount daemon. See Section 10.1.2 for information on Automount 
and Appendix B for information on Automount maps. If you would 
like to configure the AutoFS daemon, see Section 10.6.2.2 for more 
information. 


Enter appropriate arguments to the automount daemon in the 
Automount Arguments field. See Section 10.6.2.3 for more information. 


Specify the directories you want to import, those not already imported 
by automount, by following steps 2 through 10 in Section 10.6.1. 
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7. Select OK to validate the changes. (Due to the myriad of automount 
arguments available to the user, the validation of these arguments is 
deferred until the automount daemon starts and verifies them.) 


You are asked if you would like to start or restart the NFS daemons. 


8. Select Yes to save the configuration, start the daemons, and apply your 
changes immediately; or select No to save the configuration, close the 
Configure NFS Client dialog box, and apply the changes the next time 
you reboot your system. 


If you choose Yes, you are informed that the NFS daemons have been 
started. Select OK to dismiss the message and to close the Configure 
NFS Client dialog box. 


You can also modify or deconfigure your client configuration after the initial 
setup. See the online help and Section 10.4 for more information. 


10.4 Deconfiguring NFS 


You can use the SysMan Menu to deconfigure NFS servers and clients. When 
you deconfigure an NFS server or an NFS client, the corresponding NFS 
daemons stop and all of the corresponding NFS configuration information is 
deleted from the system. This action cannot be undone. To restore your NFS 
server or client, you must configure it again using the SysMan Menu. 


When you deconfigure an NFS server, the client services are not removed. 
Likewise, when you deconfigure an NFS client, the server configuration is 
not removed. If you would like to deconfigure both the dient and server 
configurations on a system, you must perform each action independently. 


To deconfigure an NFS server, select Deconfigure system as an NFS Server 
from the SysMan Menu, or enter the following command on the command 
line: 


# /usr/sbin/sysman nfs_deconfig server 


To deconfigure an NFS client, select Deconfigure system as an NFS Client 
from the SysMan Menu, or enter the following command on the command 
line: 


# /usr/sbin/sysman nfs_deconfig client 


For both client and server, the Deconfigure NFS dialog box is displayed. 
Select Yes to deconfigure the service. You are informed that the service has 
been deconfigured. Select OK to dismiss the message and to close the dialog 
box. 
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10.5 Managing an NFS Server 


10.5.1 


This section describes how to perform the following NFS server tasks: 


Export a directory or file system 

Halt export of a directory or file system 

Enable a superuser on a client system to access files as superuser 
Send mail to superuser (root) across NFS 

Enable port monitoring 

Monitor the NFS load 


Export Guidelines 


The /etc/exports file defines an export list for each file system 
and directory that a client can mount. When creating entries in the 
/etc/exports file, remember the following: 


Make only one entry for each exported file system or directory; multiple 
entries are not supported. 


Each entry exports that directory and all subdirectories in it, except for 
those subdirectories that reside in a file system (disk partition) different 
from the exported directory. 


File systems and directories are exported with read-write access by 
default. 


If no remote system (client) names are specified for a file system or 
directory, any client on the network can mount that file system or 
directory. 

If one or more client names are specified for a file system or directory, 
only those clients can mount the exported file system or directory. 


If you start the mountd daemon with the -i option, only those hosts in 
the server’s host database are allowed mount access. If you start the 
mountd daemon with the—d or —s option, only those clients in the same 
domain or subdomain, respectively, are allowed mount access. 


Exporting specific directories to specific clients provides more security 
than does exporting an entire file system to all clients. 


Protect sensitive exported data on the server by making the data files 
owned and accessible only by root, and do not allow superusers on client 
systems root access over NFS. 


The -public option can only be specified by one exported file system. 
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10.5.2 Exporting a File System or Directory 


Exporting a file system or directory makes it available for client systems on 
the network to mount remotely. If you want your system to be an NFS server 
and to export file systems and directories, be aware that your system will 
be less secure. However, depending on how you export your files, you can 
minimize the security risks. 


To export a file system by using the SysMan Menu, do the following: 


1. FromtheSysMan Menu, select Networking>Additional Network 
Services Network File System (NF S)—->Configure system as an NFS 
server to display the Configure NFS Server dialog box. 


Alternatively, enter the following command on a command line: 


# /usr/bin/sysman nfs_ server 


2. Select the Shared Local Directories button to display the Share Local 
Directory dialog box. 


3. Select Add to add a shared directory. The Add/Modify dialog box is 
displayed. 


4. Enter the full path name of the directory to be exported in the Share 
this Directory field. 


5. Select whether the directory has read/write or read-only access and 
whether all hosts or only selected hosts can have access. By default, the 
directory is exported with read/write permissions to all hosts. 


If you choose Selected in either the Read/Write or Read-Only dialog box, 
enter the name of each host that can have access to this directory in the 
appropriate field. Select Add for each host. 


6. Select OK to validate the entry and to close the Add/M odify dialog box. 
Repeat steps 3 through 6 for additional directories. 


7. Select OK to save the list of directories you chose to export in the 
/etc/exports file. You are informed that the changes have been 
made. Select OK to dismiss the message and to close the Share Local 
Directory dialog box. 


8. Select OK toclose the NFS Server dialog box. 
You can also modify and delete exported directories with the Share Local 


Directory dialog box. See Section 10.5.3 and the online help for more 
information. 


Optionally, you can use a text editor to add, modify, and delete exported 
directories directly in the /etc/exports file. See the exports(4) reference 
page for more information about editing this file. 
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10.5.3 


10.5.4 


Halting Export of a Directory or File System 


Halting export of a directory or file system prevents client systems from 
accessing the particular directory or file system; you can still export other 
directories or file systems. If you do not want to export any file systems, you 
might want to deconfigure your NFS server as documented in Section 10.4. 


To halt the export of a file system by using the SysMan Menu, do the 
following: 


1. FromtheSysMan Menu, select Networking>Additional Network 
Services Network File System (NF S)—->Configure system as an NFS 
server to display the Configure NFS Server dialog box. 


Alternatively, enter the following command on a command line: 


# /usr/bin/sysman nfs_ server 


2. Select the Shared Local Directories button to display the Share Local 
Directory dialog box. 


3. Select the entry that you no longer want to export from the list of 
shared directories. 


4. Select Deleteto removethe highlighted entry from the list. Repeat steps 
3 and 4 to halt the export of additional entries. 


5. Select OK tosave the remaining list of exports in the /etc/exports 
file. You are informed that the changes have been made. Select OK to 
dismiss the message and to close the Share Local Directory dialog box. 


6. Select OK toclose the NFS Server dialog box. 


You can also add and modify exports with the Share Local Directory dialog 
box. See Section 10.5.2 and the online help for more information. 


Optionally, you can use a text editor to add, modify, and delete exports 
directly in the /etc/exports file See the exports(4) reference page for 
more information about editing this file. 


Enabling Client Superuser Access to Files 


By default under NFS, a superuser (root) on a client system does not have 
superuser privileges on the server and cannot do the following: 


e Access remotely mounted files and directories whose permissions do not 
allow world access 


¢« Change the ownership of remotely mounted files (run the chown 
command) 


For security reasons, it is best not to allow a remote superuser access to 
your system as superuser unless both the remote host and superuser are 
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10.5.5 


trusted. However, in a friendly network environment, you can explicitly 
allow superuser access over the network. 


To allow a superuser on a client access to your server system, edit the 
/etc/exports file on your server and add the -root=0 option to the 
entry you want to make available. The -—root=0 option maps the remote 
superuser’s identification to UID 0. All future mount requests will be 
honored with root mapping. By default, this option allows superuser access 
from any client system on the network. To restrict the superuser access to 
specific systems, use the-root=host_ list option, where host listisa 
list of host names. See exports(4) for more information. 


By default, NFS servers regard superusers and those users without UNIX 
authentication (personal computer systems) as anonymous users. This 
class of users can only access files that are accessible to the world. To 
prevent anonymous users from accessing file systems or directories, use 
the —anon=—1 option. If you still want to allow client superusers access 
to the file systems or directories, specify the —root option in addition to 
the —anon option. The—root option overrides the —anon option for client 
superusers only. 


A superuser on a client system can assume the identity of any other user 
on the client system by substituting the UID number. The client superuser 
could then have the access rights of another user on the server. Therefore, 
to protect sensitive exported data on the server, make root the owner of the 
data files and do not export the directory or file system with root mapping. 
This is useful if you need to export other files in the file system. 


The following example shows entries in an /etc/exports file: 


/usr/games —root=0 host8 1 
/usr/templates —root=host8 2 


1] Exports the /usr/games file system. It can be mounted remotely 
(read-write) only by the client system host8. However, the client 
superuser has superuser access to the file system. The superuser’s 
UID is O (zero). 


2] Exports the /usr/templates file system. It can be mounted remotely 
(read-write) by any client in the network. However, only the superuser 
on host8 has superuser access to the file system. 


Sending Mail to Superuser (root) Across NFS 


If the /usr/spool/mail directory is remotely mounted from the server, and 
the directory is not exported with the root =o option, client users will not be 
able to send mail to the superuser (root) on the server. To enable clients to 

send mail to root, set the root and admin aliases to the login name or names 


10-14 Network File System 


of the system administrators for that system. Then, users can address all 
mai! intended for the administrators of that system as follows: 


admin@system 
To enable clients to send mail to root, follow these steps: 


1. Edit the /var/adm/sendmail.cf£ file and add the alias name admin 
to the following line: 


CN MAILER-DAEMON postmaster 


The resulting line will look like the following line: 


CN MAILER-DAEMON postmaster admin 
This adds the name admin to the class N. 


Alternatively, you can run the Mail Configuration application and add 
admin as a local user. See Chapter 13 for more information. 


2. Edit the /var/adm/sendmail/aliases file, add the login names of the 
system administrators, and redefine (alias) the name root to be admin. 


3. Restart the sendmail daemon by using the following command: 


# /sbin/init.d/sendmail restart 


If you are enabling clients to send mail to root, remember the following: 


e tis best for all systems in the local area network (LAN) to follow this 
convention. Mail for root or admin on any system can be automatically 
directed to any user login on any system. 


¢ A /usr/spool/mail/root mailbox is not created or used. 


The following example shows the steps involved in enabling clients to send 
mail to root. 


# vi /var/adm/sendmail/sendmail.cf /1 


# vi /var/adm/sendmail/aliases |2 


# /sbin/init.d/sendmail restart |3 


1] Opens the /var/adm/sendmail/sendmail.cf file to add the admin 
alias. 


2] Opens the /var/adm/sendmail/aliases file to add the login names 
and root alias. 


3] Restarts the sendmail daemon. 


The following example shows entries in the /var/adm/sendmail/aliases 
file for the system administrators J ohn, Mary, and J oe: 
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admin: john,mary,joe 
root :admin 


10.5.6 Enabling Port Monitoring 


Only privileged users can attach to Internet domain source ports known as 
privileged ports. By default, NFS does not check to see if a client is bound to 
a privileged port. You might want to activate NFS server port monitoring to 
be sure that file access requests were generated by the client kernel rather 
than forged by an application program. 


Although this operating system enforces the privileged port convention, 
some operating systems do not. If hosts running a different operating system 
are on your network, activating port checking might not improve security, 
but could prevent those systems from functioning properly as NFS client 
systems. 

To start NFS server port monitoring, enter the following command: 


# /usr/sbin/nfsportmon on 


To stop source port monitoring, enter the following command: 


# /usr/sbin/nfsportmon off 


10.5.7 Monitoring the NFS Load 


Monitoring the NFS load allows you to see the number of NFS requests, 
both client and server, being executed on the local machine. It is a good 
idea to monitor NFS requests periodically to determine whether you need 
additional NFS server threads. 


To monitor NFS requests, use the nfsstat command with the following 
syntax: 


nfsstat —n 
See nfsstat(8) for more information on monitoring NFS load. 


The following example shows the client and server activity on a local 
machine: 

# /usr/bin/nfsstat —n 

nfs: 


calls badcalls 
69228 0 


Server nfs V2: 


null getattr setattr root lookup readlink read 

1 0% 24 0% 0 0% 0 0% 60 0% 0 0% 5 0% 
wrcache write create remove rename link symlink 
0 0% 58030 83% 20 0% 0 0% 0 0% 0 0% 0 0% 
mkdir rmdir readdir statfs 

0 0% 0 0% 0 0% 2 0% 
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Server nfs V3: 


null getattr setattr lookup access readlink read 

0 0% 667 0% 1009 1% 2598 3% 101 0% 200 0% 1408 2% 
write create mkdir symlink mknod remove rmdir 
1280 1% 376 0% 71 0% 200 0% 0 0% 676 0% 70 0% 
rename link readdir readdir+ fsstat fsinfo pathconf 
100 0% 100 0% 468 0% 0 0% 1750 2% 2 0% 0 0% 
commit 

10 0% 


Client nfs: 
calls badcalls nclget nclsleep 
224664 0) 224664 0) 


Client nfs V2: 


null getattr setattr root lookup readlink read 

0 0% 51328 22% 1069 0% 0 0% 41643 18% 455 0% 28793 12% 
wrcache write create remove rename link symlink 

0 0% 64665 28% 589 0% 1052 0% 352 0% 250 0% 250 0% 
mkdir rmdir readdir statfs 

171 0% 170 0% 2689 1% 1814 0% 


Client nfs V3: 


null getattr setattr lookup access readlink read 

0 0% 2038 0% 2180 0% 8534 3% 430 0% 450 0% 3136 1% 
write create mkdir symlink mknod remove rmdir 
3158 1% 1048 0% 243 0% 450 0% 1 0% 1848 0% 242 0% 
rename link readdir readdir+ fsstat fsinfo pathconf 
452 0% 350 0% 1240 0% 0 0% 3506 1% 3 0% 0 0% 
commit 

75 0% 


10.6 Managing an NFS Client 


10.6.1 


Your system can be an NFS client if the following conditions exist: 
e« Your system can reach an NFS server over the network. 


e Your system's host or network group name is included in the server's 
/etc/exports file, or the server is exporting a file system to all systems 
on the network. 


This section describes how to perform the following NFS client tasks: 

¢ Mount a remote file system or directory 

e« Mount a remote file system or directory with Automount or AutoFS 
¢ Unmount a remote file system or directory 


Mounting a Remote File System or Directory 
You can mount a remote file system or any subdirectory within a remote 


file system onto a local mount point. While mounted, it is treated as a file 
system by the local system. 
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To mount a remote file system or directory by using the SysMan Menu, 
do the following: 


1. FromtheSysMan Menu, select Networking>Additional Network 
Services Network File System (NF S)—>Configure system as an NFS 
client to display the Configure NFS Client dialog box. 

Alternatively, enter the following command on a command line: 


# /usr/bin/sysman nfs_ client 


2. Select the Mount Network Directories button to display the Mount 
Network Directory dialog box. 
A list of NF S-mounted directories that are saved in the /etc/fstab 
file is displayed. Remote file systems that you mounted by using the 
mount command are not included in this list. 


3. Select Add toadd a remote directory. The Add/Modify dialog box is 
displayed. 

4. Enter the host name of the NFS server from which the remote directory 
is exported in the Remote Host Name field. 


5. Enter the full path name of the directory to be imported in the Remote 
Directory Path field. 


6. Enter the full path name of the local directory on which the imported 
directory is to be mounted in the Local Mount Point field. 


7. Select whether the directory has read-only or read/write access with the 
appropriate radio button. 


8. Select the Mount on Reboot checkbox if you want the directory to be 
mounted each time you reboot. 


9. Select OK to validate the entry and to close the Add/M odify dialog box. 
Repeat steps 3 through 9 for additional directories. 


10. Select OK to save the list of directories you chose to import. The names 
of those directories that are to be mounted on reboot are saved in the 
/etc/ftstab file. 


You are informed that the changes have been made. Select OK to dismiss 
the message and to close the Mount Network Directory dialog box. 


11. Select OK toclose the NFS Client dialog box. 
You can also modify and delete your imported directories with the Mount 


Network Directory dialog box. See Section 10.6.3 and the online help for 
more information. 


Each directory imported via the Mount Network Directory dialog box is 
mounted using the bg and hard options of the mount command. If the first 
attempt to mount the directory fails, the client tries mounting it in the 
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background (bg option), and it continues attempting to mount the directory 
until the server responds (hard option). No other mount options can be 
selected via the dialog box. 


Optionally, you can use the mount or umount commands to mount or 
unmount remote file systems from the command line. Or, you can use a text 
editor to directly add, modify, or delete entries in the /etc/fstab file You 
would use these alternatives if you need to specify mount options that are 
not supported by the Mount Network Directory dialog box. See mount(8), 
umount(8), and fstab(4) for more information. 


10.6.2 Automatically Mounting a Remote File System 


10.6.2.1 


The following sections describe how to configure Automount and AutoFS, 
two daemons that allow you to automatically mount a remote file system or 
directory at the time of access. 


Before starting the configuration procedure for either daemon, determine 
whether you are using local maps or NIS-distributed maps. See 
Section 10.1.2 for a description of local and NIS-distributed maps. 


Using Automount to Mount a Remote File System 
To use local Automount maps, do the following: 


Login as root. 


Create a local auto.master map. You can create this and other maps 
in any directory on the system, but they are conventionally located in 
the /etc directory, where the SysMan Menu expects to find them. 


See Appendix B for information on creating maps. 


Note 


If you are modifying an existing auto.master map, you 
must stop and restart the automount daemon to apply the 
revised map. 


3. Create the local maps for your system. 


4. Start the automount daemon by using the NFS Client dialog box of 
the SysMan Menu. See Section 10.3.2 for information on starting the 
automount daemon. 


When the automount daemon starts, it uses the local auto.master file 
to determine the location of other maps, their local mount points, and the 
mount options. 
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10.6.2.2 


To use NIS-distributed Automount maps, do the following: 


1. Set up your system as an NIS client. See Section 9.3.3 for information 
on setting up an NIS client. 


2. Start the automount daemon by using the NFS Client dialog box of 
the SysMan Menu. See Section 10.3.2 for information on starting the 
automount daemon. 


TheNIS master server serves all Automount maps in the domain. When 
the automount daemon starts, it uses the master auto.master file to 
determine the location of other maps, their local mount points, and the 
mount options. 


If you alter your local or NIS-distributed Automount maps at any time, 
you must restart the automount daemon on clients as follows to apply the 
changes: 


1. FromtheSysMan Menu, select Networking>Additional Network 
Services>Network File System (NF S)—->Configure system as an NFS 
client to display the Configure NFS Client dialog box. 


Alternatively, enter the following command on a command line: 
# /usr/bin/sysman nfs_ client 
Deselect the Enable Automount check box. 


Select OK to disable Automount and Yes to restart the NFS daemons. A 
message indicates the the daemons are restarted; select OK to dismiss 
the message and close the NFS Client dialog box. 


Open the NFS Client dialog box again. 
5. Select the Configure for Automount check box. 


6. Select OK to enable Automount and Yes to restart the NFS daemons. A 
message indicates the the daemons are restarted. 


7. Select OK to dismiss the message and to close the NFS Client Setup 
dialog box. 


See automount (8) for information on the automount command and its 
arguments. 


Using AutoFS to Mount a Remote File System 


If you currently use Automount to mount remote file systems, and you are 
switching to AutoF S, see autofsd(8) and autofsmount(8) for information 
about features and restrictions that are specific to AutoFS. Note that 
Automount and AutoFS maps are compatible, with the few exceptions that 
are mentioned in Restrictions section of autofsmount(8). 
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To use local AutoFS maps, do the following: 


1. Login as root. 


2. Createa local auto.master map. You can create this and other maps 
in any directory on the system, but they are conventionally located in 
the /etc directory. 


See Appendix B for information on creating maps. 


Note 


If you are modifying an existing auto.master map, you 
must process the map with the autofsmount command 
to apply the changes. 


3. Create the local maps for your system. 
Start the autofsd daemon by entering the following command: 
# /usr/sbin/autofsd & 

5. Execute the autofsmount command to process your local master file: 
# /usr/sbin/autofsmount -m -f local master file 

6. Usethercmgr utility to configure AutoF S to start each time you boot 
your system. Note that the AutoFS parameters in the following steps 
are case sensitive and must be typed in uppercase as shown. 
a. Enablethe AutoFS daemon by entering the following command: 

# remgr -c set AUTOFS 1 


b. Specify options for the autofsd daemon and the autofsmount 
command, as follows: 


# remgr -c set AUTOFS ARGS "options" 
# remgr -c set AUTOFSMOUNT_ARGS "-m -f£ local _ master file" 


See autofsd(8) and autofsmount(8) for lists of the available 
options. 


When the autofsmount command is executed, it installs intercept points 
into the kernel based on the maps you created. When users access the 
associated file systems, the kernel communicates with the autofsd daemon 
to mount and unmount the file systems based on the map entries. 


To use NIS-distributed AutoFS maps, do the following: 


1. Set up your system as an NIS client. See Section 9.3.3 for information 
on setting up an NIS client. 


2. Start the autofsd daemon by entering the following commana: 
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# /usr/sbin/autofsd & 


3. Usethercmgr utility to configure AutoF S to start each time you boot 
your system. Note that the AutoFS parameters in the following steps 
are case sensitive and must be typed in uppercase as shown. 


a. Enablethe AutoFS daemon by entering the following command: 
# remgr -c set AUTOFS 1 


b. Specify options for the autofsd daemon and the autofsmount 
command, as follows: 


# remgr -c set AUTOFS ARGS "options" 
# remgr -c set AUTOFSMOUNT_ARGS "" 


See autofsd(8) for a list of its available options. Setting the 
autofsmount command torun with no options indicates that 
AutoFS is to use the NIS-distributed auto.master file. 


TheNIS master server serves all AutoFS maps in the domain. When the 

autofsmount command is executed, it uses the master auto.master file 
to determine the location of other maps, their local mount points, and the 
mount options. 


If you alter your local or NIS-distributed maps at any time, you must process 
the map with the autofsmount command to apply the changes. Note that 
you cannot update map entries while an active NFS file system is mounted 
on the designated mount point. You must unmount the NFS file system 
before the AutoFS mount-update takes effect. 


See autofsd(8) and autofsmount(8) for more information. See 
sys_attrs_autofs(5) for tuning information. 


10.6.2.3 Specifying automount and autofsmount Arguments 


You can specify arguments for the automount or autofsd daemons from 
the command line, in a local auto.master map, in an NIS-distributed 
auto.master map, or some combination of the three. However, it is 
important to know that the daemons read and carry out their instructions 
in the following order: 


1. Command line information, such as additional mount points or 
replacements to entries in a master map, are read first. Command 
line information takes precedence over instructions in any maps — 
local or NIS-distributed. 


2. Instructions ina local auto.master map (Specified with the —£ option) 
are read next. The information in the local master map overrides 
information in an NIS-distributed master map. 


3. Information in the NIS-distributed master map is read last. 
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When you invoke the automount or autofsmount commands without any 
options, they look for a distributed NIS map called auto.master. If they 
find one, the commands check the master map for information about the 
location of other maps, their local mount points, and the mount options. If 
they do not find one, and if nolocal auto.master is specified, the commands 
exit. 


You can pass command arguments to the automount daemon from the NFS 
Client dialog box of the SysMan Menu as documented in Section 10.3.2. 
You can also pass arguments to either automount or autofsmount in one 
of the following ways: 


¢ Specify all of the arguments to either command on the command line. 
For example: 


# automount /net —hosts \ 
/home /etc/auto.home -rw,intr \ 
/- /etc/auto.direct -ro,intr 


¢ Specify all of the arguments to either command in the 
re.config.common file by using the remgr utility. Arguments you 
specify in this file are passed to the command when you boot your 
system. For example: 


# remgr -c set AUTOMOUNT ARGS "/net —hosts \ 
/home /etc/auto.home -rw,intr \ 
/- /etc/auto.direct -ro,intr" 


For the autofsmount command, the parameter to set is 
AUTOFSMOUNT_ARGS, as follows: 


# remgr -c set AUTOFSMOUNT ARGS "/net —hosts \ 
/home /etc/auto.home -rw,intr \ 
/- /etc/auto.direct -ro,intr" 


¢« Indudethe arguments from the previous examples in an NI S-distributed 
auto.master Map: 


/net —-hosts 
/home /etc/auto.home -rw,intr 
/- /etc/auto.direct -ro,intr 


If thisNIS auto.master map is distributed, typing the automount 
command or the autofsmount command at the superuser prompt (#4 
produces the same results as the previous command line. 


e Indude the arguments in a local auto.master file and use the -f 
option to instruct the automount command or the autofsmount 
command to process the local auto.master file. The—£ option instructs 
these commands to consult the local master map first and then the 
N1S-distributed master map. For example: 
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10.6.3 


# automount -f£ /etc/auto.master 


You can also add the —m option, which forces the commands to ignore the 
N1IS-distributed master map completely, if there is one. For example: 


# automount -m -f /etc/auto.master 


Specify mount points on the command line, in addition to those included 
in the local auto.master file. For example: 


# automount -f /etc/auto.master \ 
/srce /etc/auto.sre —ro,soft 


Nullify one of the entries in the local auto.master map. For example: 
# automount -f£ /etc/auto.master /home —null 
This option is currently not supported by the autofsmount command. 


Replace an entry in the local auto.master map with one of your own. 
For example: 


# automount -f /etc/auto.master \ 
/home /mine/auto.home -rw, intr 


See automount(8) and autofsmount(8) for more information on these 
commands and their arguments. 


Unmounting a Remote File System or Directory 


Unmounting a remote file system or directory removes access to a particular 
file system or directory that is being imported from an NFS server; you can 
still import other directories or file systems. If you do not want toimport any 
file systems, you might want to deconfigure your NFS client as documented 
in Section 10.4. 


To unmount a remote file system or directory by using the SysMan Menu, 
do the following: 


1. 


From the SysMan Menu, select Networking—Additional Network 
Services Network File System (NF S)—>Configure system as an NFS 
client to display the Configure NFS Client dialog box. 


Alternatively, enter the following command on a command line: 


# /usr/bin/sysman nfs_ client 


Select the Mount Network Directories button to display the Mount 
Network Directory dialog box. 


A list of NFS-mounted directories that are saved in the /etc/fstab 
file is displayed. Remote file systems that you mounted by using the 
mount command are not included in this list. Use the umount command 
to unmount these file systems. See umount (8). 
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3. Select the entry that you want to unmount from the list. 


Select Delete to remove the highlighted entry from the list. Repeat steps 
3 and 4 toremove additional entries 


5. Select OK to save the current list of imported directories in the 
/etc/fstab file. 


You areinformed that the changes have been made. Select OK todismiss 
the message and to close the Mount Network Directory dialog box. 


6. Select OK toclose the NFS Client dialog box. 


You can also add and modify your imported directories with the Mount 
Network Directory dialog box. See Section 10.6.1 and the online help for 
more information. 


Optionally, you can use the mount or umount commands to mount or 
unmount remote file systems from the command line. Or, you can use a text 
editor to directly add, modify, or delete entries in the /etc/fstab file. See 
mount(8), umount(8), and fstab(4) for more information. 
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11 


UNIX-to-UNIX Copy Program 


The UNIX-to-UNIX Copy Program (UUCP) is a group of programs that 
enables batched, error-free file transfer and remote command execution 
between two UNIX systems. UUCP is typically used to transfer electronic 
mail, network nets, and public domain software over low-speed, | ow-cost 
communications links. Tru6é4 UNIX implements the HoneyDanBer version 
of UUCP. 


This chapter describes: 

¢ TheUUCP Environment 

¢ How to configure your system for UUCP 
« How to manage UUCP 


For general information about UUCP see uucp_intro(7). For information 
on how to use UUCP, see the Command and Shed User’s Guide 


For troubleshooting information, see Section 15.13. 


11.1 UUCP Environment 


In the VUCP environment, systems can be connected to each other in the 
following ways: 


¢ Directly connected to each other, if they are in close proximity 


¢ Connected through modems and a telephone network, if they are not in 
close proximity 

¢ Connected through a local area network (LAN), if they are not in close 
proximity 


Figure 11-1 shows two simple UUCP configurations. Figure 11-2 shows 
a sample UUCP configuration on a LAN in which Host A has a TCP/IP 
connection with Host C. 
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Figure 11-1: Sample Simple UUCP Configuration 
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Figure 11-2: Sample UUCP Over TCP/IP Configuration 
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11.2 Planning UUCP 


This section describes those tasks you need to do before configuring UUCP. 


11.2.1 Verifying the Correct Hardware 


In verifying the correct hardware, you need to verify both the cables and 
modems, if used. 


Make sure you are using the correct cable to connect to the serial port of 


your system. If you do not, you might experience signal degradation and the 
software will fail to function properly. 
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11.2.2 


11.2.2.1 


If the two systems are in close proximity to each other, use one of the null 
modem cables listed in Table 6-1. 


If the two systems are connected through modems and telephone lines, 
see Table 6-7 for a list of modem cables to use. When using modems with 
UUCP, make sure that both the local and the remote modems are correctly 
configured. 


UUCP can also be configured torun over TCP/IP local area networks (LANs). 
For information on running UUCP over aLAN, Seeuucp manual_setup(7). 


Preparing for the Configuration 


UUCP configuration consists of defining the following parts: 

¢ Connection information for your system 

¢ Dial-up information for outgoing calls 

e Information for receiving incoming calls 

The type of information you need depends on the types of connections you 


plan to set up and use. The following sections contain worksheets that you 
can use to record the information required to configure UUCP. 


Information for Connections 


Figure 11-3 shows the UUCP Setup Worksheet. If you are viewing this 
manual online, you can use the print feature to print a copy of the worksheet. 
The sections that follow explain the information you need to record on the 
worksheet. 
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Figure 11-3: UUCP Setup Worksheet 


UUCP Setup Worksheet 


Type of connection: Modem [_] Direct link [-] TCP/IP 
Modems: 
Modem type: 
Baud rate: Any 
Device name: 


/etc/inittab entry ID: 


Direct links: 
Remote system name: Direct 
Baud rate: Any 
Device name: 


/etc/inittab entry ID: 


TCP/IP: 
Outgoing connections: [_]Yes L_] No 
Incoming connections: lYes No 


Type of connection 


The types of connections you want to configure. You can configure one 
or all of the following connections: 


« Modems — Modems enable you to use UUCP over analog 
transmission facilities, which include telephone lines. 


¢ Direct (hardwired) links — Direct hardwired links connect systems 
with cables. 


e« TCP/IP — Connections using the TCP/IP protocol. 


For modem connections, supply the following information: 
Modem type 


The type of modem you want to use. The supported devices are listed 
in the /usr/lib/uucp/Devices file. For more information, see 
uucp_manual_setup(7). 


Baud rate or Any 


The speed at which the modem is to operate; for example: 1200, 2400, 
9600, or any. 
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Device name 


The name of the tty device that you want the modem to use, as listed 
in the /dev directory. If you are unsure of the terminal device, see 
ports(7). 


/etc/inittab entry ID 


The process ID for the uugetty process entry in the /etc/inittab 
file. The uugetty process sets up speed, terminal flags, and the 
line discipline for managing terminals. For more information, see 
uugetty(8). 


Note 


Run the uugetty command only on RS-232 lines, not 
printer or console lines. 


For direct link connections, supply the following information: 
Remote system name or Direct 


The type of direct link. If you want to connect to a specific remote 
system, enter the name of the remote system. This restricts connections 
to that system only. 


If you want to connect to any system to which you have a direct 
hardwired connection, check Direct. 

Baud rate or Any 
The speed at which the direct link is to operate; for example: 1200, 
2400, 9600, or any. 

Device name 


The name of the tty device that you want the direct link to use, as 
listed in the /dev directory. If you are unsure of the terminal device, 
see ports(7). 


/etcfinittab entry ID 


The process ID for the uugetty process entry in the /etc/inittab 
file. The uugetty process sets up speed, terminal flags, and the 
line discipline for managing terminals. For more information, see 
uugetty(8). 
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Note 


Use the uugetty command to configure only RS-232 lines, 
not printer or console lines. 


For TCP/IP connections, supply the following information: 


Outgoing connections 


If you want to configure UUCP to place outgoing calls over TCP/IP, 
check Yes. When you enable UUCP to place outgoing calls over TCP/IP, 
an entry for TCP/IP is added to the /usr/1lib/uucp/Devices file. 


Otherwise, check No. 


Incoming connections 


If you want to configure UUCP to accept incoming calls over TCP/IP, 
check Yes. When you enable UUCP to accept incoming calls over 
TCP/IP, the /etc/inetd.conf file is modified. In addition, you must 
stop and restart the inetd daemon to be able to accept UUCP calls 


over TCP/IP. 
Otherwise, check No. 


11.2.2.2 Information for Outgoing Systems 


Figure 11-4 shows the UUCP Outgoing Systems Worksheet. If you are 
viewing this manual online, you can use the print feature to print a copy of 
the worksheet. The sections that follow explain the information you need 


to record on the worksheet. 
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Figure 11-4: UUCP Outgoing Systems Worksheet 


Remote system name: 
Type of connection: [_] Modem Direct link [] TCP/IP 

TCP/IP conversation protocol: []g L]t Lle Lif 
Calling times: 
Baud rate: Any 
Phone number (for modem): 
Login ID: 


For modem/direct links, 
expect-send string: [_] Carriage returns 
[_] None 
[1 Prompt 


Remote system name 


The name of the remote system to which you plan to connect. 


Type of connection 


The type of the connection. Check modem, direct hardwired, or TCP/IP. 
You must configure the type of the connection with the information 
from Section 11.2.2.1. 


TCP/IP conversation protocol 


For TCP/IP connections, the TCP/IP conversation protocol, which can 
be one of the following: 


* g— Specifies the default protocol, which provides error checking. 


¢ t— Presumes an error-free channel and therefore is not reliable 
for use with modem connections. 


« e— Used to communicate with sites that are running both Tru64 
UNIX and other UNIX versions of UUCP. 


¢« £— Relies on flow control of the data stream. It is meant for 
working over links that can virtually be guaranteed to be error 
free, specifically X.25/PAD links. 
Calling times 


The times when your system is allowed to connect to the remote host. 
You can select the following times: 


e Any time of any day 
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e« Evenings — Monday to Friday 5 p.m. to 8 a.m.; Saturday and 
Sunday, all day 


e Any three nights — You can choose the three nights from the 
following: 


- Monday toFriday, 11 p.m. to8 a.m. 
- Saturday, all day 
- Sunday, until 5 p.m. 

e« Never 


Baud rate or Any 


The baud rate that corresponds to a device you configured in the 
/usr/lib/uucp/Devices file, or you can specify any, if the device 
can be used at any speed. 


Phone number (for modem) 


For modem connections, the telephone number of the remote system. 
You can enter the complete telephone number or a dialing prefix and 
the telephone number. 


A dialing prefix is defined in the /usr/1lib/uucp/Dialcodes 

file The /usr/lib/uucp/Dialcodes file contains dial code 
abbreviations and partial phone numbers that complete the telephone 
entries in the /usr/lib/uucp/Systems file. Entries in the 
/usr/lib/uucp/Dialcodes file contain an alphabetic prefix attached 
toa partial phone number that can include, for example, access codes, 
area codes, and exchange numbers. 


If you know the dialing prefix, enter it on the worksheet. If none is 
defined, enter it and the sequence of numbers to be associated with 
the prefix. 


Login ID 


The login name for your system on the remote system. This must 
match the information in the /etc/passwd file on the remote system. 
Ask the administrator of the remote system for the login name and 
password that is assigned to your system on the remote system. The 
administrator of the remote system must include the login name and 
password for your system in the remote system's /etc/passwd file. 
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Note 


Although the password for the login |D on the remote system 
is required in order to configure UUCP, to protect system 
security do not write the password on this worksheet. 


For modem/direct links, expect-send string 


The expect -send string to be used immediately before performing the 


login on the remote system. You can choose one of the following: 


¢« Tosend a series of carriage returns before expecting any characters 


from the remote system 
¢ Tospecify no expect -send strings 
¢ Tobe prompted to enter expect -send strings 


Modems usually use a Series of carriage returns as an expect -send 


string. 


For more information on expect -send strings, see Systems(4). 


11.2.2.3 Information for Incoming Systems 


Figure 11-5 shows the UUCP Incoming Systems Worksheet. If you are 


viewing this manual online, you can use the print feature to print a copy of 


the worksheet. The sections that follow explain the information you need 
to record on the worksheet. 


Figure 11-5: UUCP Incoming Systems Worksheet 


Remote system name: 
Local system name: 
Login ID: 
Alternative login ID: 
REQUEST option: ] Yes No 
SENDFILES option: [_] Yes Call 
Additional READ/WRITE locations: 
Additional NOREAD/NOWRITE locations: 
Commands: 


VALIDATE option: ] Yes No 
CALLBACK option: [_] Yes No 


Phone number (for modem): 
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Remote system name 


The name of the remote system you want to allow to establish incoming 
UUCP connections. 


Local system name 


The name of your system. The default provided is the name that you 
assigned to your system at installation. 


Login ID 


The login ID for the remote system. The login 1D is automatically 
added to the /etc/passwd file on your system. 


By convention, the login |D that you assign to a remote system 
establishing incoming connections is the system name prefixed with 
an uppercase u (U). For example, if you specify machinel for incoming 
connections, the login 1D, by convention, is Umachinel; however, you 
can select any login ID. 


You also have the option of adding a comment tothe /etc/passwd 
file for this login ID. 


Alternative login ID 


You have the option to assign more than one login | D for each incoming 
system. Assigning multiple logins to a remote system allows you to 
maintain better access control for users on the remote system. With 
multiple logins, you can grant privileged users on the remote system 
more access on your system than you do to nonprivileged users. With 
multiple logins, you can assign multiple sets of permissions. 


You must provide this information to the administrator of each remote 
system that will connect to your system as an incoming system. 


REQUEST option 


If you want a remote system to ask for any queued work on the local 
system that is meant for that remote system, check Yes; otherwise, 
check No. 


If you check Yes, remote system users can transfer files to and execute 
commands on a local system more easily. If security is a consideration, 
you can restrict this access so that the local system retains control of 
file transfers and command executions initiated by remote systems. 
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SENDFILES option 


If you want the local system to try to send queued work to the calling 
remote system after the remote computer finishes transferring files to 
or executing commands on the local system, check Yes. 


Security considerations at your site might require that you limit a 
remote system’s access to the local system. In this case, check Call to 
send queued work to the remote system only when the local system 
contacts the remote system. 


Additional READ/WRITE locations 


If you do not specify pathnames in the READ and WRITE options, uucp 
permits files to be transferred only tothe /usr/spool/uucppublic 
directory. However, if you specify pathnames in these options, you 
must enter the pathname for every source and destination. If you enter 
a pathname in either option, you must also explicitly specify the public 
directory if you want the uucico daemon to be allowed to place files 

in that location. 


Additional NORE AD/NOWRITE locations 


These options allow you to explicitly specify directories and files on the 
local system to which the remote system cannot transfer data. These 
are exceptions tothe READ and WRITE options. 


Commands 


A list of commands the remote system is allowed to run on the local 
system. If you list a set of commands, that list comprises the new 
default command set for the systems listed in the MACHINE entry of 
the /usr/lib/uucp/Permissions file. The default is the command 
rmail only. 


VALIDATE option 


If you want the calling remote system to use a specific! D and password, 
check Yes; otherwise, check No. 


If you use this option, no other |D from the remote system can call in. 
Several systems, however, can use the same!D. The VALIDATE option 
is meaningful only when the login !|D and password are protected. 


CALLBACK option 


If you want the local system to contact the remote system before the 
remote system can transfer any files to the local system, check Yes; 
otherwise, check No. 
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If both systems use the CALLBACK option in their respective 
Permissions files, they will never be able to communicate with each 
other. 


Phone number (for modem) 


For modem connections, the phone number and speed of the modem 
attached to the local system. You must provide this information tothe 
administrator of each remote system that will connect to your system 
as an incoming system. 


11.3 Configuring UUCP 


After you complete the required UUCP planning, use the uucpsetup script 
to configure UUCP. To invoke the uucpsetup Script, enter the following 
command: 


# /usr/sbin/uucpsetup 


By default, the uucpsetup script prompts you for the information required 
to configure connections, incoming systems, and outgoing systems. To 
configure only specific components, you can specify one of the other options 
listed in Table 11-1: 


Table 11-1: Options for uucpsetup Command 


Use this command: If you want to: 

uucpsetup Configure connections, incoming systems, 
and outgoing systems 

uucpsetup —i Configure the incoming systems only 

uucpsetup —o Configure the outgoing systems only 

uucpsetup —p Configure the Poll file 


The following sections provide information on how to configure connections, 
incoming systems, outgoing systems, and the Po11 file 


11.3.1 Configuring Connections 


After you invoke uucpsetup, use the the information you gathered in 
Section 11.2.2.1 to configure UUCP connections. The following guidelines 
explain how to answer some of the script questions: 


« Device names — The script lists the available device names. Enter the 
last letter or number of the device that you want the modem to use. For 
example, if you want to use tty01, enter 1. 
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/etc/inittab entry ID — Thescript prompts you for the Tdentifier 
field and asks if this entry will be used in shared mode. It automatically 
supplies information for the other fields. No two processes can have 
the same ID. 


The following example illustrates how to select the process |D (PID) u4: 


Select an ID for the process in /etc/inittab file 
For example type ‘ul’: u4 


TheID that you select is checked against those that exist in the 
/etc/inittab file. If the ID that you assign exists, the uucpsetup 
script prompts you to enter another ID. 


You must also indicate whether the system will use the modem or direct 
line in shared mode. 


For moreinformation on the /etc/inittab file, see inittab(4). 


11.3.2 Configuring Outgoing Systems 


After you invokethe uucpsetup script, usethe the information you gathered 
in Section 11.2.2.2 to configure UUCP for outgoing systems. This enables 
you to use UUCP to connect to other remote systems. 


If you are doing a complete UUCP setup, the uucpsetup script prompts you 
for information on outgoing systems when you finish configuring connections. 
The following guidelines explain how to answer some of the script questions: 


Phone number — If you choose a dialing prefix and the telephone 
number, the script prompts you to enter a prefix to be defined in the 
/usr/lib/uucp/Dialcodes file. After you enter the prefix, the script 
prompts you for the meaning of the prefix. Enter the sequence of 
numbers that you want the system to substitute for the prefix. The 
following example illustrates how to define the prefix btown to be the 
dialing sequence 1617772: 
Enter the prefix for the Dialcodes file; for example "boston" 

stands for 9=16171234 : btown 
What telephone number does the prefix stand for; Please include 

the long distance access code, area, or country codes; 

for example type 9=1617123 : 9=1617772 
The 9 in this example is used to obtain a secondary dial tone. The 9 
is site specific; it can be different for your site. The equal sign (=) is 
used with the 9, or number for your site, and means “wait for the dial 
tone.” Following the equal sign (=) is the rest of the number. Enter the 
rest of the number. 


Password — For security considerations, the password is not written 
on the worksheet. However, when the script prompts for it, you must 
enter it. 
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If you define an outgoing TCP system, edit the /etc/uucp/Systems file 
and add an entry for the remote system. The remote system name must 
be the fully qualified name. 


When you finish configuring your outgoing system, you need to configure the 
/usr/lib/uucp/Pol1 file. See Section 11.3.4 for more information. 


11.3.3 Configuring Incoming Systems 


After you invoke the uucpsetup script, usethe the information you gathered 
in Section 11.2.2.3 to configure UUCP for incoming systems. This enables 
specific remote systems to connect to your system using UUCP. 


If you are doing a complete UUCP setup, the script prompts you for 
information on incoming systems when you are done configuring outgoing 
systems. 


The first time you add an incoming system, the Incoming Systems 
Configuration menu prompts you for the name of the system you want to add. 
After you add an incoming system, this menu offers you the following choices: 


¢ Specify a remote system name. 


¢ Specify options for all the other systems not specified in the 
Permissions file but listed in the Systems file. 


e Neither. If you choose this option, the script terminates and the defaults 
for the options are not entered in the Permissions file. 


The following guidelines explain how to answer some of the script questions: 


« Password — The uucpsetup script invokes the vipw command, which 
starts your default editor (defined in the EDITOR environment variable) 
and allows you to edit the UUCP entry for the incoming system. After 
you are finished editing the /etc/passwad file, save the file, exit the 
editor, and supply a password for the new entry. The following example 
shows output from this process on a system that is configured to use 
the vi utility as its default editor: 


Invoking ‘vipw’. 

Press RETURN to continue... 

Return 

root: fQPPWjJF20Dfso:0:1:Charles Root:/:/bin/csh 

nobody: *Nologin: 4294967294 :4294967294:anonymous NFS user:/: 

daemon:*:1:1:Mr Background,,,:/: 

uucp:No Login:2:2:UNIX-to-UNIX Copy:/usr/spool/uucppublic:\ 
/usr/lib/uucp/uucico 

bin:*:3:4:Mr Binary:/bin: 

marcy :5jWOVXKeP6n1E:1242:15:Marcy Darcy,,,:\ 
/usr/users/marcy:/bin/false 

Umachinel:H/kj951Fql2ub:2:2:uucp login:/usr/spool/uucppublic:\ 


11-14 UNIX-to-UNIX Copy Program 


/usr/lib/uucp/uucico 


"/etc/ptmp" 15 lines, 933 characters 


:wq 
15 password entries, maximum length 100 


You must enter a password 
Changing password for Umachinel. 
New password: 

Retype new password: 


You must provide this information to the administrator of each remote 
system that will connect to your system as an incoming system. 


* Commands — Thescript prompts you for each command separately. 
If you define an incoming UUCP system and your system uses NIS, edit the 


/etc/passwd file and add the wildcard (+:) as the last line (if not there 
already). 


11.3.4 Configuring the Poll File 


11.3.5 


After you finish configuring an outgoing system, you need to configure the 
/usr/lib/uucp/Pol1 file to schedule the intervals at which the local 
system will poll remote systems. You can configure the Po11 file by invoking 
the uucpsetup script with the—p option and completing the following steps: 
Enter 1 (Configure the Poll file) from the Poll File Configuration Menu. 


Enter the name of the remote system, which has been configured in the 
/usr/lib/uucp/Systems file as an outgoing system. 


3. Enter the sequence of hourly intervals. For example, to have the system 
polled every 4 hours, enter 0 48 12 16 20. 


Press Return to update the Pol] file. 
4. Toadd another system tothe Poll file, enter y; otherwise, press Return 
to exit uucpsetup. 


See Pol11(4) for more information about the Pol] file. 


Configuring the uucico Daemon 


The uucico daemon transfers UUCP command, data, and execute files to 
remote systems. Both the local and remote systems run the uucico daemon, 
and the two daemons communicate with each other to complete transfer 
requests. 
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Typically, the uucico daemon is set up as the UUCP user’s login shell 

for incoming connections, or it is automatically called by various UUCP 
commands for outgoing connections, and no further configuration is 
necessary. However, you might need to specify the type of flow control 
uucico uses for certain UUCP transfers. For example, if you establish a 
connection to a terminal server via a modem and then telnet toa UUCP 
account, you might require a different type of flow control than a user who 
initiates UUCP transfers via a serial port connection. 


To specify the type of flow control that the uucico daemon uses, set the 
FLWCTL environment variable for the accounts on your system that use 
UUCP connections. Permitted values for FLWCTL are: HW (hardware), 
SW (software), HSW (hardware and software), and NONE. The local and 
remote systems must use the same type of flow control. If the remote site 
runs UUCP on a different platform, set FLWCTL to NONE on the Tru64 
UNIX system. 


For example, to establish a UUCP connection over telnet, you would set 
flow control to NONE as follows: 


$ export FLWCTL=NONE 
$ /usr/lib/uucp/uutry remote site 


On a system that is configured to allow other sites to dial in, you can use 
the following procedure to create a customized script that automatically sets 
the FLWCTL variable: 


1. Createa file, optionally called uu_start, that contains the following 
commands: 


#! /bin/ksh 
export FLWCTL=NONE 
exec /usr/lib/uucp/uucico $* 


2. Changethe permissions on the file to make it executable: 


# chmod +x /usr/local/bin/uu_start 


3. Changethe UUCP account’s login shell from /usr/lib/uucp/uucico 
to the new executable file: 


# chsh uucp 
Old shell: /usr/lib/uucp/uucico 
New shell: /usr/local/bin/uu_start 


11.4 Monitoring the File Transfer Queue 


Monitoring the file transfer queue enables you to determine the status of 
several types of networking operations, including jobs that have been queued 
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on a local system for transfer to a remote system. General users and system 
administrators can monitor the file transfer queue. 


11.4.1 Getting Queue Status Manually 


To get queue status manually, usethe uustat —gq command. 


This command lists the jobs queued for all systems. The jobs listed in the 
queue include jobs that are currently executing as well as jobs that are 
waiting to execute. If a status file exists for a system, its date, time, and 
status information are reported. 


The uustat command also allows you to do the following: 

¢ Get information about the status of mail activities 

¢ Control uucp jobs queued to run on remote systems 

e Check the status of uucp connections to other systems, using the —m flag 
¢« Cancel transfer requests, using the-k flag 


¢ Monitor requests for file transfers generated with the uucp and uuto 
commands, and requests for command executions generated with the 
uux command 


See uustat(1) for more information on uustat flags. 


The following example shows all jobs in the current queue: one command file 
for system host4, three command files for system host6, and two command 
files for system host8. The command files for system host6 have been in 
the queue for 2 days. 


# uustat —-q 

host4 1C Sat May 9 11:12:30 1992 SUCCESSFUL 

host6 3C(2) Sat May 9 11:02:35 1992 CAN’T ACCESS DEVICE 
host8 2C Sat May 9 10:54:02 1992 NO DEVICES AVAILABLE 


11.4.2 Getting Queue Status Automatically 


You can automatically receive status information about the 

uucp file transfer queue. To enable this mechanism, edit the 
/usr/spool/cron/crontabs/uucp file and delete the comment character 
(# from the beginning of the following line: 


# 48 8,12,16 * * * /usr/lib/uucp/uudemon.admin > /dev/null 


In the preceding example: 
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48 Represents minutes 
8,12,16 Represents hours based on 24-hour clock notation 


ebaey Three asterisks are placeholders representing the day of the 
month, the month of the year, and the day of the week 


The cron daemon will run the uudemon. admin shell script daily at 48 
minutes past the hours 8, 12, and 16; that is, at 8:48 a.m., 12:48 p.m., and 
4:48 p.m. The uudemon. admin script sends mail to the uucp login ID 
containing queue status information. 


Note 


These times are the defaults. You can change the time 
to fit the needs of your site by editing the line in the 
/usr/spool/cron/crontabs/uucp file. 


You can also manually run the uudemon. admin script by entering the 
following command: 


# /usr/1ib/uucp/uudemon. admin 


11.4.3 Guidelines for Checking Queue Status 


When examining queue status, check the number and age of 

the filetransfer and command execution requests queued in the 
/usr/spool/uucp/system_ name directory. In some cases, queued jobs 
remain in the queue for some time, essentially going undelivered. The status 
information you need to check includes: 


¢ Theage in days of the oldest request in each queue 


¢ Thenumber of times the local system has tried and failed to reach the 
specified computer 


e« Thereason for the failure to contact the specified system 
See Appendix E for error messages and solutions. 


If necessary, delete the files in the queue, either manually or automatically. 
See Section 11.5 for information on deleting files. 


11.5 Cleaning Up the Spooling Directories 


Each system connected by UUCP has the following spooling directories: 


¢ The/usr/spool/uucp/system name directory is the UUCP spooling 
directory. It contains queued local requests for file transfers and 
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command executions on remote systems. These files are removed by the 
uucp program after they are transferred to the designated system. 


¢ The/usr/spool/uucppublic directory is the UUCP public directory. 
When a user transfers a file to a remote system or issues a request to 
execute a command on an other system, the files generated by these 
UUCP commands are stored in the public directory on the designated 
system. 


Depending upon the size of your installation and the number of files sent to 
the local /usr/spool/uucppublic directory by users on remote systems, 
the public directory can become quite large. Similarly, if requests are not 
transferred to remote systems for whatever reasons, the spooling directory 
could also become quite large. Therefore, part of UUCP management is to 
clean up the spooling directories and conserve disk resources. 


11.5.1 Cleaning Up Directories Manually 


To clean up the spooling directories manually, log in as root and remove the 
files by using the uucleanup command. 


The uucleanup program performs the following tasks: 


¢ Informs the system manager of requests to send files to and receive files 
from remote systems that the local system cannot contact. 


e Warns users about requests that have been waiting in the spooling 
directory for a given period of time. The default is 1 day. 


e Returns tothe original sender mail that cannot be delivered. 


« Removes all other files older than a specified number of days from the 
spooling directory. 


Note 


Depending on the size of your installation and the available 
storage space on the local system, you can set the age limit 
for any length of time. However, it is best to allow files to 
remain in the spooling directory for at least the default 
number of days. 


See uucleanup(8) for more information on the uucleanup command options. 


The following example deletes all old files in the VUCP spooling and public 
directories for system host2 on the local system: 


# uucleanup —shost2 
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11.5.2 Cleaning Up Directories Automatically 


Although automatic cleanup is not enabled when UUCP is installed, you 
can enable it by doing the following: 
Login as root. 


Edit the /usr/spool/cron/crontabs/uucp file and delete the 
comment character (# from the beginning of the following line: 


# 45 23 * * * ulimit 5000; /usr/lib/uucp/uudemon.cleanu > /dev/null 


In the preceding example: 


45 Represents minutes 
23 Represents hours based on 24-hour clock notation 
ee ae Three asterisks are placeholders representing the day of the 


month, the month of the year, and the day of the week 


The cron daemon will start the uudemon.cleanu Shell script daily 
at 45 minutes after hour 23; that is, at 11:45 p.m. The shell script in 
turn starts the uucleanup program. This time is the default. You can 
change the time to fit the needs of your site by editing the line in the 
/usr/spool/cron/crontabs/uucp file. 


You can instruct the cron daemon to run the uudemon.cleanu Shell script 
daily, weekly, or at longer intervals, depending on the number of uucico and 
uuxqt transactions that occur on the local system. 


The uudemon.cleanu script incorporates the actions of the uucleanup 
program and performs the following additional tasks: 


e Locates and deletes empty directories and files older than 30 days from 
the /usr/spool/uucppublic directory. This helps keep the local file 
system from overflowing when users send files to the public directory. If 
the local system does not have enough storage space to accommodate a 
large /usr/spool/uucppublic directory, you can change the 30-day 
default toa shorter time period by modifying the uudemon.cleanu Shell 
script. 


¢ Cleans up all the uucp spooling directories, including the public 
directories, unless you direct it to clean up only the directories of a 
specific system by issuing the uucleanup -s system name command. 


e Updates archived log files, removing log information more than 2 days 
old. The script removes log files for individual computers from the 
/usr/spool/uucp/.Log directory, merges them, and places themin the 
/usr/spool/uucp/.O1d directory, which contains old log information. 
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« Mails asummary of the status information gathered during the current 
day to the UUCP login ID. You can modify the script to send status 
information to other login IDs, such as root. 


The operating system allots UUCP a specified amount of storage space for 
any one log file; the number of blocks is determined by the default ulimit 
value. If the uudemon.cleanu Script fails to execute because the ulimit 
value is set too low for the requirements of the local system, increase the 
default ulimit value. 


See uudemon(8) for more information on command options. 


11.5.3 Guidelines for Removing Files 


When removing files from the queue, observe the guidelines for the following 
files: 


e« Execute files — Usually, you can remove execute files that have 
been in the queue for at least 2 days, using either the uucleanup or 
uudemon.cleanu script. The execute files are still queued because the 
data files required to execute the specified command on the designated 
system were not transferred. Since data files are generally sent at the 
same time as execute files, the transfer probably failed at the point of 
destination. Execute files are named X. filename and data files are 
named D. filename. 


« Command files — Before removing old command files, make every 
possible effort to establish the connection and transfer the files. 
You can then remove these files by using either the uucleanup or 
uudemon.cleanu script. Command files are named C. filename. 


11.6 Viewing Log Files 


The uucp program creates a log file for each remote system with which your 
local system communicates. Each time you use the networking utilities 
facility, uucp places status information about each transaction in the 
appropriate log file. Log file names can be in either of the following forms: 


/usr/spool/uucp/.Log/daemon_name/system_name 
/usr/spool/uucp/.Log/command_name/system_name 


In the preceding example: 


daemon_name Represents either uucico (called by the uucp and uuto 
commands) or uuxgt (called by the uwux command) 
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command_name Represents either uucp or uux 


system_name Represents the name of the system with which your 
local system is communicating 


To display individual log files, use the uulog command. 


You can use the uulog command to display a summary of uucp and uux 
requests by user or by system. See uulog(1) for more information on the 
uulog command and its options. 


Instead of viewing the log files individually, you can have the 
uudemon.cleanu script automatically append these log files to one primary 
log file, and then view only the primary log file. 


The uudemon.cleanu script combines the uucico, uuxgt, uux, and 
uucp log files on a system and stores them in a directory named 
/usr/spool/uucp/.Ol1d. By default, the uudemon.cleanu Script saves 
log files that are up to two days old. 


You can change the default by modifying the —o2 option in the following 
line in the uudemon. cleanu script: 


uucleanup —D7 —-C7 -—X2 -o2 —W1 


If storage space is a problem on a particular system, consider reducing 
the number of days that the files are kept in the individual log files. See 
Section 11.5.2 for information on setting up the uudemon. cleanu Script. 


The following command displays the log file for uucico requests for system 
host2: 


# uulog -s host2 


The following command displays the log file for uuxqt requests for system 
host1: 


# uulog -x hostl 


The following command displays the last 40 lines of the file transfer log for 
system host6 and executes a tail —f command. Press Ctrl/C to terminate 
the command. 


# uulog -f host6é —40 


11.7 Cleaning Up sulog and cron/log Files 


The following two system log files are affected by the uucp program: 


¢ The/usr/adm/sulog file contains a history of superuser (su) command 
usage. The uudemon entries in the /usr/spool/cron/crontabs/uucp 
file each use the su command. 
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¢ The /usr/adm/cron/1log file contains a history of all the processes 
generated by the cron daemon. 


Both files can grow quite large over a period of time. Purge these files 
periodically to keep them at a reasonable size. See Systen Administration 
for information on these files. 


11.8 Limiting the Number of Remote Executions 


The Maxuuxats file, located in the /usr/1ib/uucp directory, limits the 
number of uuxqt processes running simultaneously on a local system. 
Typically, the file requires no configuration or maintenance unless the 
system on which it is installed is utilized frequently and heavily by users on 
remote systems. 


To change the number of uuxgt processes on the system, edit the Maxuuxqts 
file and change the ASCII number to meet the needs of your installation; the 
default is 2. In general, the larger the number, the greater the potential load 
on the local system. 


11.9 Scheduling Work in the Spooling Directory 


When users issue uucp commands to copy files and execute remote 
commands, the files containing these work requests are queued for transfer 
inthelocal /usr/spool/uucp/system name directory. The uucp daemon 
uusched schedules the transfer of these files. 


11.9.1 Starting uusched Manually 


You can start the uusched daemon manually to schedule jobs by executing 
the uusched command. See uusched(8) for a list of available options. 


11.9.2 Starting uusched Automatically 


Although you can start the uusched daemon manually, the preferred method 
is to start it automatically at specified intervals by using the uudemon. hour 
shell script, which is stored in the /usr/1lib/uucp directory. The shell 
script, in turn, is started periodically by the cron daemon, based on 
instructions in the /usr/spool/cron/crontabs/uucp file. 


The /usr/lib/uucp/Maxuuscheds file limits the number of remote 
systems that the uucico daemon can contact at any onetime. This file 

is used in conjunction with the uusched daemon and the lock files in the 
/usr/spool/locks directory to determine the number of systems currently 
being polled. 


UNIX-to-UNIX Copy Program 11-23 


11.10 


The Maxuuscheds file requires no configuration or maintenance unless the 
system on which it is installed is utilized frequently and heavily by users 
on remote systems. You use this file to help manage system resources and 
load averages. 


The Maxuuscheds file contains as number that you can change to meet the 
needs of your installation; the default is 2. In general, the larger the number, 
the greater the potential load on the local system. 


See uusched(8) for more information on the uusched command and its 
options. 


The following command starts the uusched daemon manually as a 
background process: 


# /usr/lib/uucp/uusched & 


Calling File Transfer Programs (uudemon.hour) 


Theuudemon. hour shell script is used in conjunction with the Po11 file, the 
uudemon.poll shell script, and the /usr/spool/cron/crontabs/uucp 
file to initiate calls to remote systems. Specifically, uudemon.hour calls 
programs involved in transferring files between systems at specified hourly 
intervals. 


You can instruct the cron daemon to run the uudemon. hour shell script at 
specified hourly intervals. The frequency at which you run the script depends 
on the amount of file transfer activity originating from the local computer. 


Although the uudemon. hour shell script is not enabled when UUCP is 
installed, you can enable it by doing the following: 
Log in as root. 


Edit the /usr/spool/cron/crontabs/uucp file and delete the 
comment character (# from the beginning of the following line: 


# 25,55 * * * * /usr/lib/uucp/uudemon.hour > /dev/null 


In the preceding example: 


25,55 Represents minutes past the hour 


He ee Ne Four asterisks are placeholders representing the hour 
interval, the day of the month, the month of the 
year, and the day of the week 


The cron daemon will run the uudemon . hour script at 25 minutes past 
the hour and again at 55 minutes past the hour; for example, at 8:25 
a.m. and 8:55 a.m., 9:25 a.m. and 9:55 a.m., and so on. 
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11.11 


These times are the defaults. You can change the time to fit the needs of 
your site by editing the linein the /usr/spool/cron/crontabs/uucp 
file. 


If users on the local system initiate a large number of file transfers, you 
might need to specify that the cron daemon run the uudemon. hour script 
several times an hour. If the number of file transfers originating from the 
local system is low, you can probably specify a start time once every 4 hours, 
for example. 


Polling Remote Systems (uudemon.poll) 


Theuudemon.poll shell script is used in conjunction with the Po11 file, the 
uudemon. hour Shell script, and the /usr/spool/cron/crontabs/uucp 
file to initiate calls to remote systems. The uudemon. poli shell script polls 
the systems listed in the /usr/lib/uucp/Pol11 file. In addition, it creates 
command files for the systems listed in the Po11 file. 


The time at which you run the uudemon. poli script depends on the time 
at which you run the uudemon. hour script. You generally schedule the 
polling shell script to run before the hourly script. This schedule enables the 
uudemon. poll script to create any required command files before the cron 
daemon runs the uudemon. hour script. 


Although the uudemon. poli script is not enabled when UUCP is installed, 
you can enable it by doing the following: 


1. Login as root. 


2. Edit the /usr/spool/cron/crontabs/uucp file and delete the 
comment character (# from the beginning of the following line: 


# 20,50 * * * * /usr/lib/uucp/uudemon.poll > /dev/null 
In the preceding example: 


20,50 Represents minutes past the hour 


ke Oe Four asterisks are placeholders representing the hour 
interval, the day of the month, the month of the 
year, and the day of the week 


The cron daemon will run the uudemon. poll script at 20 minutes past 
the hour and again at 50 minutes past the hour, for example, at 8:20 
a.m. and 8:50 a.m., 9:20 a.m. and 9:50 a.m., and so on. 


These times are the defaults. You can change the times at which the 
cron daemon executes the uudemon.pol1 script to correspond to the 
times you set up for the uudemon. hour script. Set the cron daemon 
torun the uudemon.poll1 script about 5 to 10 minutes before running 
the uudemon.hour script. 
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12 


Network Time Protocol 


The Network Time Protocol (NTP) provides accurate, dependable, and 
synchronized time for hosts on both wide area networks (WANs) like the 
Internet network and local area networks (LANs). In particular, NTP 
provides synchronization traceable to clocks of high absolute accuracy, and 
avoids synchronization to clocks keeping bad time. The Tru64 UNIX NTP 
subsystem is derived from the University of Delaware's implementation, 
NTP Version 4.98a. 


This chapter describes: 

¢ TheTru64 UNIX NTP subsystem and its components 

¢ How to configure your system to use NTP 

¢ How to enable the high-resolution clock 

« How tomanage NTP clients and servers 

For introductory information on NTP, seethentp_ intro(7) reference page. 
For troubleshooting information, see Section 15.14. Also, for information 
about the latest releases of NTP, more examples of how to configure NTP 


subnets, and more extensive NTP troubleshooting information, visit the 
NTP website at http:/Awww.eecis.udel.edu/~ntp. 


As an alternative to NTP, you can set your system time by using the rdate 
command or the timed daemon. 


Note 


The timed daemon is provided only for compatibility; use NTP 
for time synchronization. If you plan to run both the timed 
daemon and NTP, configure NTP first and run the timed daemon 
with the -£ option. 


For more information on the rdate command, see rdate(8) and 
ntp manual_setup(7). 


For more information on the timed daemon, see timed(8) and 
timedsetup(8). 
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12.1 NTP Environment 


In the NTP environment, systems can have the following roles: 


¢« Client — An NTP client system is a system that synchronizes its time 
with local NTP servers. 


e Server — An NTP server is a local system that synchronizes its time 
with an Internet NTP server or with a local reference clock, or both for 
better accuracy. 


Figure 12-1 shows a sample NTP configuration on aLAN in which host D is 
an NTP server that uses a local reference clock as its time source. Hosts A, 
B,C, E, F, and G areNTP clients, synchronizing their time with host D. 


Figure 12-1: Sample NTP Configuration (Local Clock) 
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Figure 12-2 shows a sample NTP configuration in which host D isan NTP 
server that uses an Internet time server as its time source. Hosts A,B,C, E, 
F, and G areNTP cients, synchronizing their time with host D. 
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Figure 12-2: Sample NTP Configuration (Internet Source) 
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12.2 Planning NTP 


Your system can bea local NTP server or an NTP client, or both. Figure 12-3 
shows the NTP Setup Worksheet, which you can use to record the 
information required to configure NTP. If you are viewing this manual online, 
you can use the print feature to print a copy of this worksheet. The following 
sections explain the information you need to record on the worksheet. 
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Figure 12-3: NTP Setup Worksheet 


Ea Time source: 


Server Internet address: Server name: Version: Stratum: 


Client 


Local NTP server address: Server name: Version: 


12.2.1 Server Information 
Time source 


Your system's time source. For local NTP servers, the time source is 
one of the following: 


e Internet NTP servers — If your system is connected tothe | nternet, 
you can obtain a list of possible NTP Internet servers from 
http://www.eecis.udel.edu/~ntp on the World Wide Web. Select 
a minimum of three systems from the server list with which to 
synchronize the time on your local NTP servers. Obtain permission 
from the contact person listed for each Internet server before 
specifying it as a server for your local NTP servers. 


e A reference clock — If your network is not connected to the | nternet 
network, you can select a system on your network to configure with 
a reference clock, which obtains its time via radio broadcasts or 
satellite transmissions. As a last resort, if nol nternet servers or 
reference clock devices are available, you can select a system on 
your network to configure with a local reference clock, which means 
that the system uses its own CPU timekeeping unit as a reference 
clock. 


Seentp_manual_setup(7) and ntp.con£(4) for information about 
configuring different types of reference clocks. 
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Server Internet address 


ThelP address of the |nternet NTP server or the local reference clock. 
Local NTP servers are the time sources for NTP clients. 


Server name 


The host name of the Internet NTP server. 


Version 


The version of NTP daemon running on the Internet NTP server or the 
local reference clock. This can be Version 1 (the ntpd daemon), Version 
2 (the xntpd daemon), or Version 3 (the xntpd daemon). Servers 
running Version 3.2 or earlier of the Tru64 UNIX operating system 
run Version 2 (the xntpd daemon); servers running Version 4.0 of the 
Tru64 UNIX operating system run Version 3 (the xntpd daemon). 


Stratum 


A stratum value describes the accuracy of a system’s reference clock: 
the higher the number, the less accurate the clock. 


If you are configuring a local reference clock, you can specify a higher 
stratum value to indicate that the clock’s time is not very accurate. 
This discourages other systems from using your clock as a reliable time 
source, because NTP clients will obtain the time from the server with 
the lowest stratum they can find. For example, if you set a stratum of 8 
for your local reference clock, NTP clients will ignore your server and 
use a server with stratum 2 or lower (if one can be found). 


You can supply a value between 0-15 for the Stratum field; however it 
is best not to override the default value assigned by NTP unless you 
have a specific reason for doing so. For local reference clocks, that 
default value is 3. For other clocks, the default value is 0. 


12.2.2 Client Information 
Local NTP server address 


The local NTP server IP address. Local NTP servers are the time 
sources for NTP clients. 


Server name 
The local NTP server name. 
Version 


The version of NTP daemon running on the local NTP server. This 
can be Version 1 (the ntpd daemon), Version 2 (the xntpd daemon), 
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or Version 3 the (the xntpd daemon). Servers running Version 3.2 or 
earlier of the Tru64 UNIX operating system run Version 2 (the xntpd 
daemon); servers running Version 4.0 of the Tru64 UNIX operating 
system run Version 3 (the xntpd daemon). 


12.3 Configuring NTP 


Use the SysMan Menu application of the Common Desktop Environment 
(CDE) Application Manager to configure NTP servers and clients. To invoke 
the SysMan Menu application, follow the instructions in Section 1.1.1. 


Note 


Do not use the SysMan Menu to configure NTP on local NTP 
servers that use a local or external reference clock as a time 
source. Instead, seentp manual _setup(7) for instructions. 


Also, if you plan to use both NTP and the timed daemon, set up 
NTP prior to setting up the timed daemon. 


To configure NTP, do the following: 


1. 


From the SysMan Menu, select Networking—Additional Network 
Services>Network Time Protocol (NTP)—Configure system as an NTP 
client to display the Configure NTP Client dialog box. 


Alternatively, enter the following command on a command line: 


# /usr/bin/sysman ntp_ config 


Indicate whether you want to enable authentication by selecting the 
appropriate check box. If you choose to enable authentication, you must 
enter at least one authentication key as follows; repeat the steps to 
add additional keys: 


a. Select Add under the Authentication K eys list to display the 
Add/Modify dialog box. 


b. Enter the Key Number and Key for a peer or peers. The Key 
Number is a number from 1-15 that identifies the Key. TheKey is 
an alphanumeric password of 1-8 characters with no spaces. 


c. Select OK to add the authentication key tothe list and to dismiss 
the Add/M odify dialog box. 


Your authentication keys are stored in the /etc/ntp.keys file when 
you save your configuration and close the Configure NTP Client dialog 
box. 
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Select Add under the Servers & Peers list to display the Add/M odify 
dialog box. 


Enter the host name, mode, version, and key number for an NTP 
server. If the NTP Server’s IP address is not available through DNS or 
NIS, you must add it tothe /etc/hosts database on your system as 
described in Section 2.3.7. 


For clients, enter the information for an NTP server that is local to 
your site. 


For servers, enter the information for an Internet NTP server or a 
local reference clock. (See Section 12.2 for information.) If you are 
configuring a local reference clock, and you need to override the default 
stratum that the xntpd daemon assigns to it, select the Fudge F actor 
check box and select a value from 0 to 15 for the Stratum field. 


The information will be recorded in the /etc/ntp.conf file. For 
clients, entries in this file are designated as server entries because 
clients can synchronize their time only with these systems. An NTP 
server, however, can contain server and peer entries in its ntp. conf 
file. A peer system can be synchronized to another system’s time or it 
can synchronize another system’s time to its own. 


Select OK to validate the parameters you entered and to dismiss the 
Add/Modify dialog box. To add other NTP servers, repeat steps 3 
through 5. It is best to specify at least three servers. 


Indicate whether you want to correct large time differences by selecting 
the appropriate check box. 


This option, enabled by default, allows xntpd to correct differences of 
more than 1000 seconds between your system time and your system's 
NTP server’s time that occur after the xntpd daemon is started. The 
ntpdate command is run at boot time by the /sbin/init.d/settime 
script to correct initial time differences. If your system is sensitive 

to security threats, do not enable this option. If you do not use this 
option, time differences of more than 1000 seconds will cause the xntpd 
daemon to log a message to the syslogd daemon and exit. 


Indicate whether you want to prevent time from being set backwards by 
selecting the appropriate check box. The default is to allow the xntpd 
daemon to set the system time backward. 


Select OK to accept the configuration and to close the Configure NTP 
Client dialog box. 


A new dialog box is displayed indicating that the changes have been 
saved and prompting you to start the xntpd daemon. 
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10. Select Yes to start the daemon and apply your changes immediately, or 
select No to close the Configure NTP Client dialog box and apply the 
changes the next time you reboot your system. 


Note 


When you start NTP, the system attempts to synchronize its 
clock with an NTP server's clock. If you previously enabled a 
screen saver on your system, the time difference might be 
enough to activate it. |n some cases, this blanks the screen, 
but it does not harm the system. Move the mouse or hit a key 
on the keyboard to reactivate the display. 


If you choose Yes, you are informed that the NTP daemons have been 
started. Select OK to dismiss the message and to close the Configure 
NTP Client dialog box. 


You can modify your NTP configuration after the initial setup. You can 
also stop and restart the xntpd daemon as necessary. See the online help 
for more information. 


12.4 Enabling the High-Resolution Clock 


The operating system includes an optional high-resolution clock that can be 
used for time-stamping and for measuring events that occur on the order of 
microseconds, such as the time spent in a critical code path. Programmers 
might be able to use this information to find the source of a bug or to 
determine where a program can be optimized to improve performance. 


To enable the high-resolution clock, add the following line to the kernel 
configuration file and rebuild the kernel: 


options MICRO TIME 


The system clock (CLOCK_REALTIME) resolution as returned by the 
clock _getres function does not change, nor does the timer resolution. 
However, the time as returned by the clock _gettime routine is 
extrapolated between the clock ticks, and the granularity of the time 
returned isin microseconds. The resulting time values are SMP-safe, they 
are monotonically increasing, and they have an apparent resolution of 1 
microsecond. 


12.5 Monitoring Hosts Running the xntpd Daemon 


You can monitor the hosts running the xntpd daemon by using either the 
ntpq command or the xntpde command. 
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To monitor the local host’s NTP status using the ntpg command, use the 
following syntax: 


ntpq [options...] 


To monitor remote hosts’ NTP status using the ntpg command, use the 
following syntax: 


ntpq [options...] hostl hostz... 
Table 12-1 shows the ntpg command options. 


Table 12-1: Options to the ntpq Command 
Option Function 


-c subcommand Interprets subcommand as an interactive format 
command and adds it to a list of commands to be 
executed on the specified host or hosts 


-i Forces ntpq to operate in interactive mode 


—p Prints a list of peers and a summary of their state 


You can specify ntpg subcommands on the command line with the -c option, 
or you can run the ntpqg program interactively with the -i option. When 
you are finished entering subcommands in interactive mode, enter quit 

to exit the program. 


By default, the subcommands apply to the local host. You can specify a host 
other than the local host on the command line or with the host subcommand 
in interactive mode. See ntpq(8) for more information about this command 
and its subcommands. 


The following example shows normal output from the ntpg command with 
the -p option (or peers subcommand): 


% ntpq —-p 

remote refid st when poll reach delay offset disp 
*host2.corp.com host121.corp.co 2 47 64 377 31.3 93.94 16.5 
+host4.corp.com host2.corp.com 3 212 1024 377 33.8 89.58 16.9 
host8.corp.com host2.corp.com 16 never 64 0 0.0 0.00 64000 


The last line of the previous example shows that host8 is either not running 
NTP or cannot be reached. 


To monitor the local host’s NTP status using the xntpdc command, use 
the following syntax: 


xntpde [options...] 


To monitor remote hosts’ NTP status using the xntpdc command, use the 
following syntax: 
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xntpdc [options...] hostl hostz... 


Note 


The latest versions of the xntpdc command and xntpd daemon, 
delivered with NTP Version 4, are incompatible with previous 
versions of NTP. If you use the latest xntpdc command to collect 
information from an older xntpd daemon, or an older xntpdc 
command to collect information from the latest xntpd daemon, 
you will receive inconsistent results. 


Table 12-2 shows some of the xntpdc command options. 


Table 12—2: Options to the xntpdc Command 


Option Function 


—c subcommand Interprets subcommand as an interactive format command 
and adds it to a list of commands to be executed 
on the specified host or hosts. 


-i Forces xntpdc to operate in interactive mode. 
-1 Prints a list of peers that are known to the server. 
—p Prints a list of peers and a summary of their state. This 


is similar in format to the ntpq —p command. 


See xntpdc(8) for more information on this command and its subcommands. 


The following example shows normal output from the xntpdc command 
with the —p option: 


% xntpdc —p 


remote refid st when poll reach delay offset disp 
*host2.corp.com host121.corp.co 2 47 64 377 3173 93.94 L635 
+host4.corp.com host2.corp.com 3 212 1024 377 33.8 89.58 16.9 
-host5.corp.com host12.usc.edu 2 111 1024 377 39.1 46.98 1767 


12.6 Querying Servers Running NTP 
You can query time by using the ntp and ntpdate commands. However, it 


is best to use the ntpdate command because it works with all versions of 
NTP and provides additional features. 
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Mail System 


The Tru64 UNIX mail system enables users to send mail to other users, 
whether on the same system, same network, or the other side of the world. 
This chapter describes: 


¢ TheTru64 UNIX mail system and its components 


* How toconfigure mail (the sendmail utility) on a standalone system or 
across an enterprise 


¢ How toconfigure POP and IMAP mail 
¢ How to administer mail on server and client systems 


For additional introductory information on mail, see mail _intro(7), the 
sendmail book by O’Reilly & Associates, and the Sendmail | nstallation and 
Operation Guide (provided in PDF format on the Tru64 UNIX Documentation 
CD-ROM). For troubleshooting information, see Section 15.18 for the 
sendmail utility and Section 15.19 for POP and IMAP mail. 


The mail daemons in Tru64 UNIX are based on sendmail Version 8.9.3 from 
Sendmail, Inc, POP3 Version 2.5.3 from Qualcomm, Inc., and Cyrus IMAP4 
Version 1.6.19 from Carnegie-Mellon University. If you need later versions 
of these packages than the operating system offers, you can obtain updated 
software directly from the aforementioned organizations or you can obtain 
the Open Source Internet Solutions (OSIS) product, a collection of popular 
Open Source software that Compaq distributes on a CD-ROM. 


The OSIS kit usually contains more up-to-date versions of the Open Source 
software than the operating system because OSIS is updated and distributed 
several times a year. OSIS also contains an administration utility that 
allows you to easily configure advanced features of sendmail, including 
masquerading, virtual domains, anti-spam, and the Lightweight Directory 
Access Protocol (_DAP). For more information about the OSIS product, see 
the following URL: 


http://www.tru64unix.compaq.com/internet/detailed.htm 


13.1 Mail Environment 


In the mail environment, systems can have the following roles: 
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¢« Standalone — A mail standalone system is one that processes, sends, 
and delivers mail locally. This is useful for configurations of from 1 to 
6 systems. In small LAN configurations of two or more systems, one 
system serves the mailbox to the other systems using NFS. In this case, 
NFS must be configured on all systems. 


¢ Client — A mail client system is a system that sends all of its mail toa 
mail server for processing and delivery. If the addressee is on the client 
system, the mail is delivered there. If not, the mail is forwarded to the 
destination system. 


e« Server — A mail server system is a system that receives mail from 
clients in a local domain for processing and delivery to other domains, 
the Internet, or other networks. In addition, the server also receives mail 
from other domains for delivery. 


Figure 13-1 shows a sample standalone configuration on a LAN in which 
all hosts are configured as mail standalone systems. Host B is alsoan NFS 
server, exporting the /var/spool/mail directory to hosts A, C, D, and E. 
Hosts A, C, D, and E arealso NFS cients, importing the /var/spool/mail 
directory from host B. 


The hosts must also have identical information in their passwd and 
aliases files. This information can be distributed either by using NIS or by 
manually editing the files on each system. 
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Figure 13-1: Sample Mail Standalone Configuration 
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Figure 13-2 shows a sample client/server configuration in which host B is 
configured as a mail server and hosts A, C, D, and E are configured as mail 
clients. This is useful in larger enterprise networks that consist of multiple 
domains and connections to the Internet or other networks. 


This configuration also provides for the creation of a natural hierarachy 

of mail servers in large enterprise networks with multiple domains. 

Mail clients in each domain would direct all traffic to one or more mail 
servers, depending on the number of clients in the domain. Each domain’s 
servers would then forward mail to the enterprise’s top domain servers for 
forwarding to the Internet. Since almost all of your local domain's mail 
traffic goes through the servers, this simplifies administration and problem 
resolution in that you only have to manage the servers. 


The connection to the Internet in Figure 13-2 could be direct or through a 
local access provider. Business configurations would typically use firewalls 
and dedicated mail servers. If using a firewall, ensure the firewall and the 
mail server are configured to work with each other. See the documentation 
for your firewall product for more information. 
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Figure 13-2: Sample Mail Client/Server Configuration 


Client 
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Server 
B 


If users need to send mail between systems that use different mail protocols, 
such as the Simple Mail Transfer Protocol (SMTP), UNIX-to-UNIX Copy 
Program (UUCP), and DECnet, it is best to designate specific server systems 
in your network to perform those functions. These server systems are also 
known as mail relays. 
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Additional mail configurations are possible, but they require more effort to 
plan for and to configure. See the sendmail! book by O’Reilly and Associates 
and the Sendmail | nstallation and Operation Guide for more information. 


In implementing a client/server mail environment, you need to decide how to 
do the following: 


¢ Direct outgoing mail to the servers 

¢ Handle incoming mail to the domain 
¢ Deliver mail to clients 

e Distribute the aliases file 

¢ Distribute the passwd file 

« Handle DECnet mail 


This section describes each of these topics. 
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13.1.1 


13.1.2 


13.1.3 


Directing Outgoing Mail to Servers 


To direct outgoing mail to a server, you include the DNS mail exchanger 
(MX) entry in the /etc/namedb/hosts.db file. This entry specifies a 
system in the local domain that can deliver mail to other systems, especially 
those not directly connected to the local network. Using MX to route mail 
has the following benefits: 


e You can define an MX record to point to all of the mail servers in your 
local domain. If a mail server is inaccessible, mail can be delivered to 
another host listed in the MX record. 


« You can use MX records to define a system to be a mail exchanger for 
an inaccessible remote system. Then, if you send mail to the remote, 
inaccessible host, instead of being queued on your local system and 
periodically resent, the mail is sent to the mail exchanger and queued 
there until the host is restored. 


For information on adding entries to the /etc/namedb/hosts. db file, see 
Section 8.9, Appendix H, and bind _manual_setup(7). 
Handling Incoming Mail to the Domain 


To simplify the handling of incoming mail toa domain and to ensure 
reliability, use domain-based addresses in your environment. Mail sent over 
the Internet is usually addressed in the following format: 


usernameGhostname.domain 

For example:j oe@host1.nyc.big.com 

Using domain-based addresses, this address appears as follows: 
joe@nyc.big.com 


Mail is sent to the local domain nyc.big.com instead of to the specific 
host within that domain host1.nyc.big.com; the return address is also 
@nyc.big.com. Then, the mail servers within the local domain decide how 
to deliver the mail to the user’s account. 


Domain-based addresses make it easier to manage your mail environment. 
You can change your mail system (that is, move user accounts and replace 

or move systems) without disrupting your mail delivery. These changes are 
transparent to users sending mail to your systems. 


Delivering Mail to Clients 


Once mail is delivered to the domain, you can deliver it to clients using one 
of the following mechanisms: 
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13.1.4 


13.1.5 


13.1.6 


¢ Deliver the mail tothe /var/spool/mail directory on each client, 
which is the default 


¢ Deliver the mail to the server and use NFS toserve the mail directory to 
each client 


¢ Deliver the mail from a server toa local client machine using POP (see 
Section 13.4) 


¢ Deliver the mail toa server using |MAP (see Section 13.5) 


To deliver mail to each client, each server in the domain must have an 
aliases file that contains an entry for each user on the client. For example: 


usernamel: usernamel@clientl1 
username2: username2@clientl 


Distributing the aliases File 


For standalone and server systems, use the Network Information System 
(NIS) to distribute the mail aliases file from one machine. In a LAN 
environment with standalone systems, distribute the mail aliases file from 
the NFS server system. In a client/server environment, distribute the 
aliases fileto the servers in the domain. In any case, sharing the aliases 
file among systems simplifies administration in that you need to update only 
one aliases file, instead of several. 


See aliases(4) for more information about the database. See Section 13.9 
and Chapter 9 for information about distributing the database with NIS. 


Distributing the passwd File 


If you have multiple server systems in a domain, make sure that the 
information in the passwd file is identical on each system. For security 
reasons and to ensure correct mail delivery, it is best to do this by manually 
editing the passwd file on each server system. 


Handling DECnet Mail 


When you set up a mail server system, you must consider that the mail 
address formats for DECnet PhaselV and DECnet/OSI are different from 
those for TCP/IP. Therefore, you need to establish a mapping scheme to 
translate mail addresses when sending mail between a DECnet node and 
a TCP/IP node. 


The mapping scheme used by the Tru64 UNIX version of the sendmail 
program for DECnet Phase!V encapsulates DE Cnet addresses inside a 
pseudodomain. For example, a typical DECnet PhaselV address has the 
following format: 
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nodename: username 


Mail addressed in this format is mapped to an address in the following 
format: 


username@ nodenamepseudodomain.top.domain 


The variables represent the following: 
username 


The user name. 


nodename 


The DECnet node name. 


pseudodomain 


An arbitrary string that specifies the DE Cnet pseudodomain. The 
pseudodomain can be an arbitrary string, but it must be used 
consistently throughout your organization. All of your mail systems 
must be configured to use the same string for the pseudodomain. 


top.domain 
Usually, your company’s domain name; for example, abc. com. 
The mapping for DECnet/OSI uses a similar scheme. A typical DE Cnet/OSI 
address has the following format: 
username@ namespace. site nodename 
Mail addressed in this format is mapped as follows: 
username@ nodenamesite namespace.pseudodomain.top.domain 


As with DECnet Phase IV, the pseudodomain can be an arbitrary string. 
However, if you use both DECnet Phase lV and DECnet/OSI within your 
organization, it is best to use different pseudodomain names. 


Some environments that support both DE Cnet Phase lV and DECnet/OSI 
use the DECnet Phase |V syntax to handle DE Cnet-based mail. This 
simplifies the mail administration task. In order to implement this, all 
DECnet-OSI nodes must have a unique Phase |V Synonym and must be 
configured to use the Phase IV Synonym. You can reconfigure a DE Cnet/OSI 
host by typing the following command line: 


# ncl set session control application mailll Node Synonym=true 


See the DECnet/OS!I documentation for more information. 
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13.2 Planning Mail 


This section describes those tasks you need to do before configuring mail. 


13.2.1 Verifying that Required Protocols are Installed 


Depending on the protocols supported by your mail server, verify that the 
following required subsets are installed and configured: 


« DECnet 

« DECnet/OSI 
« X.25 (PSI net) 
e UUCP 


See the documentation for each product for installation and configuration 
instructions. For UUCP, verify that the UUCP subset is installed by entering 
the following command: 


# setld -i | grep OSFUUCP 


If it is not installed, install it by using the set1d command. For more 
information on installing subsets, see set 1d(8), the Installation Guide, or 
the System Administration manual. 


13.2.2 Verifying that Required Services are Configured 


The following table lists specific mail configurations and the network service 


required: 

If you want to: Configure this service: 
Distribute the aliases file NIS 

Use domain-based DNS/BIND 

addressing 


If NIS is needed, enter the following command as root to verify that NIS is 
configured: 


# remgr get NIS CONF 


If the command returns No, then NIS is not configured. See Chapter 9 for 
instructions on how to configure NIS and distribute the aliases file 


If DNS is needed, enter the following command as root to verify that DNS is 
configured: 


# remgr get BIND SERVERTYPE 


If the command returns nothing, then DNS is not configured. See Chapter 8 
for instructions on how to configure DNS. 
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13.2.3 


13.2.3.1 


Preparing for the Configuration 


After you install and configure the required protocols and services, you 
configure mail using the Mail Configuration application. 


Mail configuration consists of: 
¢ Defining the standalone, client, or server system 
¢ Defining the protocol information (server systems only) 


The following sections contain worksheets that you can use to record the 
information required to configure mail. 


General System Information 


Figure 13-3 shows the Basic Mail Setup Worksheet. If you are viewing 
this manual online, you can use the print feature to print a copy of this 
worksheet. The following sections explain the information you need to 
record on the worksheet. 


Figure 13-3: Basic Mail Setup Worksheet 


Mail server (clients only): 


Top domain (servers only): 
Mailbox directory: Local [_]NFSclient [_] NFS server 
Locking: lockf = [_] Lock file [_] Both 
Mailbox server: 


Mail server (clients only) 


The fully qualified name of your mail server; for example, 
foo.dec.com. Or, the name of your domain; for example, dec. com, if 
you are using domain-based routing. It is advantageous to specify the 
domain name itself because your mail service cannot be interrupted by 
a single mail server that becomes unavailable. 


Top domain (servers only) 


The name of the highest level domain in your organization that 
uniquely identifies your organization. For example, if the server 
domain name is nyc. big.com, the top domain is big.com. If the 
server domain name is cs.big.univ.ac.uk, the top domain is 
big.univ.ac.uk. 


Mailbox directory 


The location of the mailbox directory. 
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13.2.3.2 


For standalone and client systems, if the mailbox directory is on the 
local system, check Local. If it is on a remote system and is to be 
mounted on the local system using NFS, check NFS Client. If the local 
system is to export mail boxes to NFS clients, check NFS Server. 


For server systems, check Server to make the mailbox directories 
available to other systems. If you do not want to share the mailbox 
directories, check Local. In this case, use the aliases file to send each 
user’s mail tothe appropriate system. See Section 13.9 and aliases(4) 
for more information. 


Locking 


The type of file locking to use on the mailbox. 


For standalone and client systems, if the host with the mailbox 
directory is a Tru64 UNIX system, check lockf; this provides the best 
performance. If you are not sure what operating system the host with 
the mailbox directory is running, check Lock file. If you want to use 
both, check Both. 


Note 


The locking mechanism you select must match the 
mechanism used by the NFS server. If you are not sure how 
the locking mechanisms are set on the NFS server, ask the 
administrator of the NFS server. 


For server systems, if you checked Local as the mailbox location, check 
lockf. If you checked Client as the mailbox location, check Lock file. If 
you checked Server as the mailbox location, check Both. 


Mailbox server 


The name of the system that exports the mailbox to your local system. 


Protocol Information 


Figure 13-4 shows the Mail Protocol Worksheet. If you are viewing 
this manual online, you can use the print feature to print a copy of this 
worksheet. The following sections explain the information you need to 
record on the worksheet. 
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Figure 13—4: Mail Protocol Worksheet 
Mail Protocol Worksheet 
JInternet (SMTP) | (SMTP) Forward: [_] None [_] Internet 


Nonlocal [] Local 


Relay’s host name: 
Relay’s protocol: 
Pseudodomain: 
Pseudodomain aliases: 


Hostaliases; — 
Protocol: DECnet [_] DECnet/OSI L_] POPS 
CIMTS []UUCP [] X25 IMAP4 
Routing: Internet [_] Direct Relay 


Relay’s host name: 

Relay’s protocol: 

Node address (DECnet): 

DNS name space (DECnet/OSI): 
Pseudodomain: 

Pseudodomain aliases: 

Host aliases: 


To configure your system as an Internet (SMTP) server, you need to collect 
the following information: 


Forward 


The type of mail that must be forwarded to a relay. If the local host 
has direct access to the Internet and does not forward any mail, check 
None. If the local host must forward all mail addressed outside of the 
top domain, check Internet. If the local host must forward all messages 
addressed outside of the local Internet domain, check Nonlocal. If the 
local host must forward all mail, including local domain mail, check 
Local. 


Relay’s host name 


The name of the remote host that will process SMTP mail. 


Relay’s protocol 


The name of the protocol the server uses to forward messages to the 
relay host. 
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Pseudodomain 


An arbitrary string that specifies the pseudodomain for SMTP mail. 
The pseudodomain name must be unique for each protocol and must be 
used consistently throughout your enterprise 


Pseudodomain aliases 


Any synonyms for your pseudodomain. 


Host aliases 


The alternative names that other systems might use to direct mail to 
your host. 


To configure your system as a server for other mail protocols, you need to 
collect the following information: 


Protocol 


The type of mail protocols to use. Available protocols include the 
following: 


¢ DECnet (Phase IV) 

« DECnet/OSI (Phase V) 

¢ Internet Mail Protocol (SMTP) (required) 
e Internet Message Access Protocol (IMAP) 
« Message Transport System (MTS) 

¢ Post Office Protocol (POP) 

e UUCP 

¢ X.25 (PSI net) 


Routing 


For DECnet, DECnet/OSI, UUCP, MTS, and X.25 only. If mail for 
the particular protocol is to be forwarded over the Internet to an 
unspecified gateway, check Internet. The Internet depends on DNS to 
select an appropriate relay; therefore, do not specify a relay hostname 
for the Internet. 


If the particular protocol is installed on this server, check Direct. If 
mail requiring the particular protocol is to be forwarded to another 
system for processing, check Relay. Complete the Relay’s hostname 
and Relay’s protocol fields. 
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Relay’s host name 


The name of the remote host that will process mail for the protocol. 


Relay’s protocol 


The name of the protocol the server uses to forward messages to the 
relay host. 


Node address (DE Cnet) 
The address for this machine (DE Cnet only). 


DNS name space (DE Cnet/OSI) 


The complete DNS name space name for this node (DE Cnet/OSI only). 
The syntax of the DNS name space is as follows: 


namespace..site nodename 


Pseudodomain 


An arbitrary string that specifies the pseudodomain (DE Cnet, 
DECnet/OSI, and MTS only). The pseudodomain name must be unique 
for each protocol and must be used consistently throughout your 
enterprise. 


Pseudodomain aliases 


Any synonyms for your pseudodomain (DE Cnet, DECnet/OSI, UUCP, 
and MTS only). 


Host aliases 


The alternative names that other systems might use to direct mail to 
your host. 


13.3 Configuring Mail 


Usethe Mail Configuration application of the Common Desktop Environment 
(CDE) Application Manager to configure mail on systems with graphics 
capabilities. 

Note 


Alternatively, you can usetheSysMan Menu (/usr/sbin/sysman 
-accel mail) or the mailsetup utility to configure mail on 
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your system. See the online help and mailsetup(8) for more 
information. 


You can configure the following systems: 
e Standalone systems 

¢ Client systems 

e Server systems 


To start the Mail Configuration application, do the following: 


1. Login as root. 

Click on the Application Manager icon on the CDE desktop. 
Double-click on the System_Admin application group icon. 
Double-click on the Configuration application group icon. 


uF WN 


Double-click on the Mail Configuration application icon in the 
Configuration group. The Mail Configuration main window is displayed, 
showing available Mail service types and configured Mail service types. 


To exit the Mail Configuration application, choose File then Exit. See 
mailconfig(8) for more information. 


The Mail Configuration application has an extensive online help system 
that you can use, instead of the instructions in this section, to configure 
mail on your system. 


13.3.1 Configuring a Standalone Mail System 
To configure mail for a standalone system, do the following: 
1. Select Standalone from the Available Mail Service Types list box in 
the Mail Configuration window 
Select Configure to display the Standalone Setup dialog box. 


Select Mailbox Setup to display the Mailbox Setup dialog box if your site 
uses NFS toimport or export system mailbox directories (for instance, 
/var/spool/mail); otherwise, goto step 7, the default settings are 
applicable for your mail configuration. 


4. \|f your system imports its mailbox using NFS, select the NFS Client 
radio button and do the following: 
a. Enter theserver name in the Mailbox Server field. 


b. Select a radio button for the appropriate Locking mechanism: lockf, 
Lock Files, or Both. 
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If your system distributes mailboxes to NFS clients, select the NFS 
Server radio button, then select the Both radio button for the Locking 
Mechanism setting. 


Select OK to complete the mailbox setup and close the Mailbox Setup 
dialog box. 


Select Commit to save the changes. You are asked if you would like 
to restart the sendmail daemon. 


Select Restart to start the sendmail daemon and apply your changes 
immediately. Or, select No to apply the changes the next time you 
reboot your system. 


If you choose Restart, you are informed that the sendmail daemon has 
been started. Select OK to dismiss the message. 


Select Close to close the Standalone Setup dialog box. 


13.3.2 Configuring a Mail Client 


To configure a mail client, do the following: 


1. 


10. 


Select Client from the Available Mail Service Types list box in the Mail 
Configuration window. 


Select Configure to display the Client Setup dialog box. 


Enter the name of a mail server for outgoing mail in the Mail Server 
field. 


Select Mailbox Setup to display the Mailbox Setup dialog box. 


Select the NFS Client radio button for the Mailbox Directory if your site 
uses NFS to share system mailbox directories; otherwise, select Local 
and go tostep 7. 


Enter the name of the server that exports the mailbox directory to your 
system in the Mailbox Server field. 


Select a radio button for the appropriate Locking mechanism: lockf, 
Lock Files, or Both. 


Select OK to complete the mailbox setup and to close the Mailbox Setup 
dialog box. 


Select Commit to save the changes. You are asked if you would like 
to restart the sendmail daemon. 


Select Restart to start the sendmail daemon and apply your changes 
immediately. Or, select No to apply the changes the next time you 
reboot your system. 


If you choose Restart, you are informed that the sendmail daemon has 
been started. Select OK to dismiss the message. 
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11. 


Select Close to close the Client Setup dialog box. 


13.3.3 Configuring a Mail Server 


To configure a mail server, follow these steps. If you intend to implement the 
POP or IMAP daemons, configure SMTP and other necessary protocols first, 
then see Section 13.4 and Section 13.5. 


1. 


10. 


Select Server from the Available Mail Service Types list box in the Mail 
Configuration window. 


Select Configure to display the Server Setup dialog box. 


Select the mail protocol you want to configure from the Available 
Protocols list box. The Internet Mail Protocol (SMTP) protocol is the 
only required protocol configuration. Configure additional protocols as 
necessary. 


Select Configure to display the protocol setup dialog box for the protocol 
you selected. 

For the SMTP protocol, select the type of forwarding for this server. If 
you select None, go to step 11; otherwise, go to step 7. 

For the DECnet, DECnet/OSI, MTS, UUCP, and X.25 protocols, select 
a Routing type. If you select Internet or Direct, go to step 9. If you 
select Relay, go to step 7. 

Enter a host name in the Relay’s Hostname field if you will be 
forwarding mail to another system for processing; otherwise, continue 
with step 9. 


Select the protocol used to communicate with the relay in the Relay’s 
Protocol pulldown menu. 


For the DECnet, DECnet/OSI, and MTS protocols, in the Pseudo 
Domain field, enter the domain name used to identify mail that requires 
the selected protocol. 


For the DECnet, DECnet/OSI, MTS, UUCP, and X.25 protocols, to add 
aliases for the pseudodomain, select Pseudo Domain Aliases to display 
the Pseudo Domain Aliases dialog box, and do the following: 


a. Enter the alias namein the Pseudo Domain Alias field and select 
Add. 
b. Repeat the previous step as many times as necessary. 


c. Select OK to close the Pseudo Domain Aliases dialog box. 
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11. 


12. 


13. 


14. 


15. 


16. 
17. 


18. 


19. 


20. 


21. 


22. 


23. 
24. 


To add aliases for this mail server, select Host Alias to display the Host 
Aliases dialog box, and do the following: 

a. Enter the alias namein the Host Alias field and select Add. 

b. Repeat the previous step as many times as necessary. 

c. Select OK toclose the Host Aliases dialog box. 

For the DECnet protocol, enter the DE Cnet node address (area.node) for 
this server in the Node Address field, for example, 32.958. 


For the DECnet/OSI protocol, enter the name space of the node, which 
is usually the token before the colon (:) ina DECnet Phase V address, in 
the DNS Name Space field. 


Select OK toclose the Setup dialog box for the protocol you selected. The 
Server Setup dialog box is active. 


Configure another protocol if necessary. Repeat steps 3 through 15 for 
each additional protocol. 


Select Mailbox Setup to display the Mailbox Setup dialog box. 
Select a radio button for Mailbox Directory. 


If your site does not use NFS to distribute the system mailbox 
directories, select Local instead of NFS Server, and then go tostep 19. 


If you selected NFS Client as a Mailbox Directory, enter the name of the 
mail server in the Mail Server field. Be sure toinclude the domain. For 
example, for a server named mailhub, the server name with domain 
might be mailhub.nyc.dec.com. 


Select a radio button for the appropriate Locking mechanism: lockf, 
Lock Files, or Both. 


Select OK to complete the mailbox setup and close the Mailbox Setup 
dialog box. 


Select Commit to save the changes. You are prompted to restart the 
sendmail daemon. 


Select Restart to start the sendmail daemon and apply your changes 
immediately. Or, select No to apply the changes the next time you 
reboot your system. 


If you choose Restart, you are informed that the sendmail daemon has 
been started. Select OK to dismiss the message. 


Select Close to close the Server Setup dialog box. 


Add DNS mail exchanger (MX) records to the /etc/namedb/hosts.db 
file for each host in your environment, if necessary. See Section 13.1.1 
for more information. 
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13.3.4 Adding a New Mail Host 


To add a new mail host to your existing mail environment, do the following: 


1. Configure the network and network services on the host. See Chapter 2 
for more information. 


2. Ifyou areusing DNS MX records in your environment, update the DNS 
data files. See Section 13.1.1 for more information. 


13.4 Post Office Protocol 


13.4.1 


The Post Office Protocol Version 3 (POP3 or POP) is a client/server protocol 
that allows users to download their Email from a mail server to a remote 
client. It is intended for users that mainly access their Email in an offline 
mode. In offline mode, messages are delivered to a server and reside there 
until the user connects to the server and downloads the incoming messages 
to the dient machine (a desktop or laptop computer running Windows, 
Macintosh, UNIX, or another operating system). Thereafter, all message 
processing is local to the client machine and environment. This is the mode 
used widely today by Internet Service Providers (ISP) to provide Email 
services for their consumers. See pop3d(8) for further information. 


Installing POP 


The operating system provides a POP3 server (/usr/sbin/pop3d) from 
Qualcomm, Incorporated, which is fully installed and configured for you 
when you install the OSFINET subset (check the installation log file for any 
warnings or errors). The pop3d daemon is configured to listen on port 110 
for incoming connections, and allows any user of the system to access their 
Email via a POP client. 


During installation, the /etc/passwd, /etc/services, and 
/etc/inetd.conf configuration files are updated. If the lines displayed in 
the following examples are not present in the configuration files, the POP3 
service may not behave appropriately. If a previous version of POP was 
detected, or if the OSFINET subset did not install properly, the files might 
not have been updated and the changes must be made manually. 


The /etc/passwd file must contain the following line; if it does not, add 
the line to the file: 

pop:*:13:6:POP Mail Service Account:/: 

If necessary, change the user identification number, 13, toa value that is 
appropriate for your system. 


The /etc/services file must contain the following line; if it does not, add 
the line to the file: 
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13.4.2 


13.4.2.1 


pop3 110/tcp 


The /etc/inetd.conf file must contain the following line; if it does not, 
add the line to the file: 


pop3 stream tcp nowait root /usr/sbin/pop3d pop3d 


Migrating to the New POP3 Implementation 


The POP service was upgraded in Tru64 UNIX Version 5.0. Migration paths 
are provided for systems that were running either the version of POP3 
offered with the OSFMH (RAND Corp. Mail Handler) subset or the Qualcomm 
POP3 service (if your version came directly from Qualcomm). 


If you use the MH POP3 service, you must migrate your POP user accounts 
from the /usr/spool/pop/PopP file to the mailauth database and convert 
your mailboxes to the new format. 


If you use the Qualcomm POP3 service, you must migrate your POP user 
accounts from the popauth database to the mailauth database; however, 
you do not need to convert your mailboxes. The only difference between 
Qualcomm POP3 and the Tru64 UNIX implementation of Qualcomm POP3 
is the mail authorization database, which has been enhanced to store 
secondary POP and !|MAP passwords. 


The following sections describe the migration paths for each service. See 
popev(8) for further information. 


Migrating from MH POP3 


To transition from MH POP3 service to the new implementation, complete 
the following tasks: 


1. Remove any startup scripts for the /usr/1lib/mh/popd file in the 
/sbin/rc directories. 


2. Make sure that the /etc/inetd.conf and /etc/services 
configuration files were updated with the correct entries as described in 
Section 13.4.1. 


3. Initialize the mailauth database by entering the following command: 
# /usr/bin/mailauth -init 


4. Usethe popev utility to move usernames and passwords from 
the /usr/spool/pop/PoP file to the mailauth database 
(/etc/pop.auth.pag and /etc/pop.auth.dir). Enter the following 
command, where filename can bean alternate file used to store POP 
passwords: 


# /usr/bin/popcv [filename] 
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5. Usethemailcv tool to convert existing MH POP3 mail folders tothe 
new POP3 format: 


a. Change directory tothe MH POP3 mail folder directory: 


# cd /usr/spool/mail/POP 


The directory might be /usr/spool/pop or another directory 
depending on how you configured MH POP3. 


b. For each mail user, enter the following command, where input is 
the file name of the user’s MH POP3 folder: 


# /usr/dt/bin/mailev -Q -£ input 


Typically, the file name is the same as the POP user’s username. 
For instance, for a user named J ake, you would convert the 
/usr/spool/mail/POP/jake file. 


Optionally, you can change the name of a mail folder during the 
conversion process by appending the new file name to the end of 
the command, as in the following example: 


# /usr/dt/bin/mailecv -Q -f£ charlie chuck 


See mailcv(1) for more information. 


13.4.2.2 Migrating from Qualcomm POP3 


To transition from Qualcomm’s POP3 service to the new implementation, 
complete the following tasks: 


1. Ensurethat the /etc/inetd.conf and /etc/services configuration 
files were updated with the correct entries as described in Section 13.4.1. 


2. Ifa previous popauth database exists, convert it toa mailauth 
database by using the following command: 


# /usr/bin/mailauth -convert 


Note that you need to convert your mail folders only if you previously ran 
the MH POP3 server. 


13.4.3 Configuring a POP Mail Account 
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To configure a POP mail account, create a UNIX account for the user (if one 
does not already exist) as described in the Systen Administration guide. The 
user’s mailbox is set up automatically. 


Once the user’s account is set up on the server, the user can configure a mail 
application compatible with POP3, for example, Netscape Communicator, 
which is bundled with the operating system software. At a minimum, you 
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must provide the user with the following information about mail service 
in your facility: 


« POP username — Specify if different from the UNIX username 
¢ POP-specific password — Specify if different from the UNIX password 


e« POP server name — Themail application collects incoming mail from 
this server 


¢ SMTP server name — The mail application delivers outgoing mail to 
this server 


« Domain name — The mail application adds this domain name to all 
unqualified addresses for domain-based mail addressing 


Changing Login Authentication 


The POP service typically authenticates user accounts by verifying the 
supplied user name and password against information in the UNIX password 
file (usually the /etc/passwd file). The Tru64 UNIX implementation 

of POP has been enhanced to optionally support SIA interfaces for 
authentication on a C2 secure system. 


For increased security, the system administrator can have POP users use 
alternate passwords instead of their usual login passwords; therefore, if a 
POP password is compromised across the network, system access is not 
at risk. 


There are two ways to enable alternate passwords for POP authentication: 


e Arrange for POP users to store alternate passwords in the mailauth 
database (/etc/pop.auth.dir and /etc/pop.auth.pag). 


e Add mail users to the same mailauth database as Authenticated POP 
(APOP) users. APOP uses an encrypted authentication mechanism, 
also with alternate passwords, that is more secure than standard POP; 
however, users need mail client applications compatible with APOP to 
take advantage of it. 


Usethe SysMan Menu application of the Common Desktop Environment 
(CDE) Application Manager to enable either authentication option. To 
invoke the SysMan Menu application, follow the instructions in Chapter 1, 
then follow these steps: 


Note 


If users in your environment use one of the old POP3 
implementations, you must migrate them to the new POP3 
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9. 


implementation as described in Section 13.4.2 prior to enabling 
alternate passwords. 


From the SysMan Menu, select Mail-M anage users’ mail accounts. 
The Mail User Administration window is displayed. Optionally, you can 
invoke this utility by executing the following command: 


# mailusradm & 
Select the radio button for List Specific Users and select Complile List. 
Enter the username or a wildcard in the dialog box and select OK. 


Select the name of the user for whom you would like to require an 
alternate password. 


Select the desired mail service type from the pulldown menu. To require 
that the user use an alternate password for POP mail, select POP with 
Mail Password. To switch the user’s mail service to APOP, select APOP 
with Mail Password. 


Select OK to save your changes. 
Enter an alternate password for POP or APOP and select OK. 


The user can later set a new password by issuing the mailauth 
command without any flags. For example: 


% /usr/bin/mailauth 


Select OK to dismiss the message that indicates that the account has 
been modified successfully. 


Select Exit to close the Mail User Administration window. 


If you need to change authentication for multiple accounts, you can select 
List All Local Mail Usersin step 2. Use the Control key in combination with 
a right-mouseclick to select more than one user name from the list. See 
mailusradm(8) for more information about the Mail User Administration 
utility. 


Optionally, you can use the mailauth utility to set up authentication. See 
mailauth(8). 


13.4.5 Administrative Tools 


You can use the following tools to administer the POP service: 


mailauth — Utility used to manage the secondary mail authorization 
database. See mailauth(8). 


mailusradm — System administration GUI utility used to configure 
mail users. See mailusradm(g). 
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The POP server sends log messages to the syslogd daemon. The log 
information is stored in the /var/adm/syslog.dated/date/mail.log 
file. You can use this data to solve problems. The severity levels are NOTICE 
for failed and successful authentications and DEBUG for all debugging 
information. 


Directory Structure 


The POP configuration and mail files are distributed across the file system 
as indicated in Figure 13-5. 


Figure 13-5: POP Directory Structure 


pop.auth.dir 
pop.auth.pag 
inetd.conf 
services 
passwd 


ZK-1540U-Al 
Table 13-1 describes the purpose of these files and directories. 
Table 13-1: POP3 Files and Directories 
File or Directory Purpose 
/etc/passwd file Contains account information for each user on the 


system. Users configured in this file are able to 
use POP mail by default. 


/etc/pop.auth. * files Contain the encrypted mail authorization 
database, which is used to authenticate POP 
and IMAP users. See mailusradm(8) and 
mailauth(8) for information about editing this 
database. 


/var/spool/mail directory Contains the mail folders for all POP and UNIX 
mail users on the system. Each folder is a file 
with a file name that is usually identical to the 
user’s login name. 
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13.5 Internet Message Access Protocol 


The Internet Message Access Protocol Version 4 (IMAP4 or IMAP) isa 
client/server protocol that allows mail clients to access mail messages on a 
server. With it, the user can access mail folders and manipulate the contents 
remotely without having to login tothe server. The protocol allows clients 
to create, delete, and rename mail folders, to check for new messages and 
remove old messages, and to selectively retrieve messages for local viewing. 
In addition, the user can select messages by attributes and parse messages 
in the RFC 822 and MIME formats. 


This protocol can be used in the offline, online, or disconnected mode. The 
offline mode is the same as that described in Section 13.4. In online mode, 
messages are manipulated on the server remotely by mail client programs. 
In disconnected mode, a mail client connects to the mail server, makes a 
cache copy of selected messages, and then disconnects from the server, 
later to reconnect and resynchronize with the server. In both online and 
disconnected access modes, mail is stored on the server, which is often a 
necessity for people who use different computers at different times to access 
their messages. 


See imapd(8), deliver(8), and imapd.conf(4) for further information. 


13.5.1 Installing IMAP 


The operating system software includes the Cyrus |MAP4 Revision 1 server 
(/usr/sbin/imapd) by Carnegie Mellon University, which is installed and 
configured when you install the OSFINET subset (check the installation log 
file for any warnings or errors). The imapd daemon is configured to listen 
on port 143 for incoming connections. 


During installation, the /etc/passwd, /etc/services, and 
/etc/inetd.conf configuration files are updated. If the lines specified in 
the following examples are not present in the configuration files, the |MAP 
service may not behave appropriately. 


The /etc/passwd file must contain the following line; if it does not, add 
the line to the file: 


imap:*:14:6:IMAP Mail Service Account:/: 


If necessary, change the user identification number, 14, toa value that is 
appropriate for your system. 


The /etc/services file must contain the following line. If it does not, 
add the line to the file: 


imap 143/tcp 
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The /etc/inetd.conf file must contain the following line. If it does not, 
add the line to the file: 


imap stream tcp nowait imap /usr/sbin/imapd imapd 


13.5.2 Upgrading IMAP 


Starting with Version 1.6.1 of the Cyrus IMAP4 Revision 1 server, the | MAP 
files in the quota and user configuration directories, and optionally, the 
users’ mail directories in the |MAP mail spool, are stored in subdirectories a 
through z, sorted by the first character of each user name. This arrangement 
reduces the number of entries in a given directory and consequently 
increases performance and scalability. 


If you are running the IMAP server froma previous version of the operating 
system, and you are upgrading to Tru64 UNIX Version 5.1, you must 
convert your quota and user configuration directories to the new format. 
Optionally, you can sort your IMAP mail spool in the same manner by 
enabling the hashimapspool option in the /etc/imapd.conf file before 
converting your configuration directories. See imapd.conf(4) for more 
information. 


To convert your directories to the new format, use the dohash utility. See 
dohash(8) for more information. 


13.5.3 Configuring IMAP Mail Accounts 


To enable users to receive |MAP mail, you must complete two tasks. First, if 
the users do not have accounts on the system, you must create them. Seethe 
System Administration guide and adduser(8) for more information. 


Second, you must change the properties of the users’ accounts to indicate 
that their mail is to be processed by the |MAP server. Use the SysMan 
Menu application of the Common Desktop Environment (CDE) Application 
Manager to configure the user’s mail service type. To invoke the SysMan 
Menu application, follow the instructions in Chapter 1. 


To change the user’s mail service type, do the following: 


1. Fromthe SysMan Menu, select Mail+Manage users’ mail accounts. 
The Mail User Administration window is displayed. Optionally, you can 
invoke this application by executing the following command: 


# mailusradm & 
Select the radio button for List Specific Users and select Compile List. 
Enter the username or a wildcard in the dialog box and select OK. 
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10. 


11. 


Select the name of the user whose mail service type you would like to 
change from the list. 


Select the desired mail service type from the pulldown menu. To require 
that the user use an alternate password for IMAP mail, select IMAP 
with Mail Password. Otherwise, select |MAP to use the same password. 


If you enable this option, the alternate passwords are stored in the 
mailauth database, which is located in the /etc/pop. auth. dir and 
/etc/pop.auth.pag files. See mailauth(8) for more information. 


Select OK to save your changes. 


Enter the mail administrator’s password. In most cases, this password 
is the same as the root account password. Select OK. 


Select the privileges to set on the user’s mailbox. In most cases, you will 
select All to allow the user to read, modify, and delete messages in the 
mailbox. Select OK. 


If you did not select IMAP with Mail Password in step 5, skip to step 10. 
Enter an alternate password for IMAP and select OK. 


The user can later select a new password by issuing the mailauth 
command without any flags. For example: 


% /usr/bin/mailauth 


Select OK to dismiss the message that indicates that the account has 
been modified successfully. 


Select Exit to close the Mail User Administration window. 


If you need to set up multiple IMAP accounts, you can select List All 
Local Mail Users in step 2. Use the Control key in combination with a 
right-mouseclick to select more than one user name from the list. 


See the online help and mailusradm(8) for more information. 


Once a user’s IMAP account is set up on the server side, the user can 
configure a mail application compatible with |MAP4, for example, Netscape 
Communicator, which is bundled with the operating system software. At a 
minimum, you must provide the user with the following information about 
mail service in your facility: 
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IMAP username — Specify if different from the UNIX username 
IMAP password — Specify if different from the UNIX password 
IMAP Mailbox location prefix — user.username 


IMAP server name — The mail application collects incoming mail from 
this server 


System 


¢ SMTP server name — Themail application delivers outgoing mail to 
this server 


« Domain name — The mail application adds this domain name to all 
unqualified addresses for domain-based mail addressing 


13.5.4 Migrating Users from UNIX and POP3 Mail 


To convert an existing UNIX or POP3 mail user to|MAP mail, you must first 
set up the user’s IMAP account as described in Section 13.5.3. Then, use the 
mailcv tool to convert the user’s mail folder tothe | MAP format as follows: 


Note 


If you are using MH POP3 or a version of Qualcomm POP3 
that did not come with the operating system software, follow 
the instructions in Section 13.4.2 to convert to the new POP3 
implementation before converting to |MAP. 


1. Change directory to the UNI X/POP3 mail folder directory: 
# cd /usr/spool/mail 

2. Assume the user’s identity by using the su command, as follows: 
# su username 


You must be the user to convert the user’s mail folder to! MAP format 
with the mailcv command. 


3. Enter the following command, where folder is the file name of the 
user’s mail folder: 


% /usr/dt/bin/mailev -I -f£ folder 
You need the user’s IMAP password to use this command. 


The mail folder file name is usually the same as the user’s username. 
For instance, for a user named J ake, you would convert the j ake file. 


Optionally, you can move the converted messages to an IMAP subfolder 
during the conversion process by appending a subfolder name to the end 
of the command, as in the following example: 


# /usr/dt/bin/mailcv -I -f charlie business 


IMAP subfolders are described in Section 13.5.7. See mailcv(1) for 
more information about the mailcv command. 


4. Exit the su session to the user’s account, as follows: 


% exit 


He 
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Note that mail received after the account is changed tol MAP but prior tothe 
conversion process is not lost. The newly-converted messages are appended 
to the existing messages in the user’s mailbox. 


Once a user’s UNIX or POP account is converted toan IMAP account on the 
server, the user must reconfigure the mail application. Ensure that the user 
has an mail application compatible with |MAP4, for example, Netscape 
Communicator, which is bundled with the operating system software. 


You also need to provide the user with information about mail service in your 
facility, as specified in Section 13.5.3. 


13.5.5 Administrative Tools 


You can use the following tools to administer the |MAP server: 


cyradm — Command line utility used for configuring and managing 
users, folders, subfolders, and so on. See cyradm(1). 


deliver — Utility used to deliver mail to an IMAP mailbox. See 
deliver(8). 


dohash — Utility used to convert the IMAP configuration directories 
from the format for older versions of the Cyrus IMAP4 Revision 1 server 
to the new format for Version 1.6.1 or higher. Another utility, undohash, 
reverses the process. See dohash(8). 


imapquota — Utility used to report and fix IMAP mail quota usage. 
See imapquota(g). 


mailauth — Utility used to manage the secondary mail password 
database. See mailauth(8). 


mailusradm — System administration GUI utility used to configure 
mail users. See mailusradm(8). 


reconstruct — Utility used to rebuild IMAP mailboxes. See 
reconstruct(8) for further information. 


The!IMAP server software sends log messages to the syslogd daemon. The 
log information is stored in the /var/adm/syslog.dated/date/mail.log 
file. You can use this data to solve problems. The severity levels are as 


follows: 
NOTICE Authentications, both successful and unsuccessful. 
ERR 1/0 errors, including failure to update quota usage. 


The message includes the specific file and UNIX 
error. 
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WARNING Protection mechanism failures, client inactivity 
timeouts. 


INFO Mailbox openings. 


Directory Structure 


ThelMAP configuration and mail files are distributed across the file system 
as indicated in Figure 13-6. 


Figure 13-6: IMAP Directory Structure 


imapd.conf 
services 
inetd.conf 


imapquota 
cyradm 
reconstruct 
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All of the runtime configuration information is stored in the 
/etc/imapd.conf file. This file contains site configuration and policy 
options, such as: 


¢ Location of the configuration directory 

¢ Partition names and their corresponding directory roots 

¢ Threshold for quota warning messages 

¢ Whether or not to allow anonymous logins 

e« Whether or not to automatically create INBOx mailboxes for users 


See imapd.con£f(4) for further information. 


The configuration directory specified in the /etc/imapd.conf file contains 
the items listed in Table 13-2. 


Mail System 13-29 


Table 13-2: Configuration Directory Contents 


File or Directory 


Purpose 


mailboxes file 


user/a...z directories 


proc directory 
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Contains a sorted list of each |MAP mailbox on the 
server along with mailboxes quota root and access 
control list (ACL), described in Section 13.5.9 and 
Section 13.5.8, respectively. Because the ACL 

is security-critical information that cannot be 
reconstructed from information stored elsewhere, 
there is no utility to recover from a damaged 
mailboxes file. 

To protect the contents of the mailboxes, make 
frequent (even hourly) backups of the mailboxes 
file to some other part of the disk. 


Contain user subscriptions. There is one file per 
user, each file containing a sorted list of the user’s 
mailboxes. 

Each file name consists of the user’s user name 
followed by a . sub file extension, and the files are 
sorted into the a through z directories by the first 
letter of the user name. 

There is no utility for recovering damaged 
subscription files. You can restore lost files from 
backups. 


Contains one file per active server process. The 
filename is the ASCII representation of the 
process id, and the file contains the following 
tab-separated fields: 


¢ Host name of client 
e Username, if logged in 
e¢ Selected mailbox, if mailbox selected 


The proc subdirectory is normally purged when 
you reboot the server. 


Table 13-2: Configuration Directory Contents (cont.) 


File or Directory Purpose 


quota/a...z directories Contain quota specifications for restricted | MAP 
users. There can be multiple files for each user, 
each file containing the limit for a quota root, as 
described in Section 13.5.9. 
Each file name consists of the string user 
followed by one or more extensions, starting 
with the associated user name (for example, 
user.hansen). The files are sorted into the a 
through z directories by the first letter of each 
user name. 
The imapquota program, when invoked with 
the -£ switch, recalculates each user’s quota. To 
remove the restrictions on a user’s quota, remove 
the user’s quota file. Then run imapquota -f to 
make the quota files consistent again. 


log directory Contains zero or more subdirectories, each named 
after a user. If a subdirectory exists for a user, the 
server keeps a telemetry log of protocol sessions 
authenticating as that user. The telemetry log is 
stored in the subdirectory with a filename that 
matches the server’s process 1D. Use this feature 
only for debugging purposes; the log files grow 
rapidly. 


The largest database in the IMAP server is a user’s mailbox 

directory. By default, these mailbox directories are located in the 
/var/spool/imap/users directory. Thereis one directory for each user 
and the directory name is the user’s user name. If you have a highly 
populated mailbox tree, you can optionally sort these mailbox directories 
into /var/spool/imap/users/a...z subdirectories by specifying the 
hashimapspool option in the imapd.conf file. See imapd. conf(4) and 
dohash(8) for more information. 


Each user’s directory contains the files listed in Table 13-3. 
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Table 13-3: Mailbox Directory Contents 


File or Directory Purpose 


message files Contain one message each in RFC 822 format. 
Lines in the message are separated by a carriage 
return and line feed, not just a line feed. The 
file name of each message is the message's UID 
followed by a dot (.). 


cyrus .header Contains a magic number and variable-length 
information about the mailbox itself. 


cyrus. index Contains fixed-length information about the 
mailbox itself and each message in the mail box. 


cyrus .cache Contains variable-length information about each 
message in the mailbox. 


cyrus.seen Contains variable-length state information about 
each user who has permission to read the mailbox. 


Thereconstruct utility can be used to recover from corruption in mailbox 
directories. If the reconstruct utility finds existing header and index 
files, it attempts to preserve any data in them that is not derivable from the 
message files themselves, including the flag names, flag state, and internal 
date. The utility derives all other information from the message files. 


You can recover from a damaged disk by restoring message files from a 
backup and then running the reconstruct utility to regenerate what 

it can of the other files. The reconstruct program does not adjust the 
quota usage recorded in any quota file. After running reconstruct, run 
imapquota -f to fix the quota root files. 


13.5.7 Mailbox Namespace 
The!lMAP server presents mailboxes using the netnews namespace 
convention. Mailbox names have the following restrictions: 
e Arecase-sensitive 
¢ Cannot start or end with a period (.) character 
¢« Cannot contain two period (..) characters in a row 


¢ Cannot contain non-ASCII characters, shell metacharacters, or a 
backslash (/) character 


All personal mailboxes for a user begin with the user.username. string. 
For example, mailboxes belonging to a user named Hansen begin with the 
user.hansen. string. If Hansen has a mailbox for work-related Email, it 
might be called user. hansen.work. 
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In the user’s mail application, the prefix user.hansen. normally appears 
as INBOX.. The mailbox user. hansen. work would therefore appear as 
INBOX. work. However, if the access control list (ACL) of the mailbox 
permitted other users to see that mailbox, it would appear to them as 
user.hansen.work. 


You can create or delete a user’s mailbox by creating or deleting the 

user’s INBOX. A user with an INBOX can create and subscribe to personal 
mailboxes. Users with dots in their user names are able tolog in, but cannot 
have an INBOX or receive IMAP mail. When you delete a user’s INBOX, all of 
the personal mailboxes associated with it are deleted as well. 


With the exception of INBOX, all mailbox names are system-wide; they refer 
to the same mailbox regardless of the user. ACLs determine which users 
can access or see certain mailboxes. 


In contexts that permit relative mailbox names, the mailbox namespace 
works as follows: 


« Names that do not start with a period (.) are fully qualified. 
e« Names that start with a period (.) are relative to the current context. 
You might need to use this convention if you use the telnet command to 


connect to an IMAP port for troubleshooting purposes or if you create an 
application that issues IMAP calls. 


If you are working with folder names and the top of the hierarchy 
is named user.hansen, the name .work.personnel.issues 
resolves to user. hansen.work.personnel.issues and the name 
work .personnel .issues resolves to work. personnel.issues. 


13.5.8 Access Control Lists 


Access to each mailbox is controlled by each mailbox’s access control list 
(ACL). ACLs provide a mechanism for specifying the users or groups of users 
who have permission to access the mailboxes. 


An ACL isa list of zero or more entries. Each entry has an identifier and a 
set of rights. The identifier specifies the user or group of users to which the 
entry applies. The set of rights is one or more letters or digits, each letter or 
digit conferring a particular privilege. See cyradm(1) for further information. 


Access rights are defined as follows: 
lookup (1) 


The user can see that the mailbox exists. 
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read (r) 


The user can read the mailbox. The user can select the mailbox, 
retrieve data, perform searches, and copy messages from the mailbox. 


seen (s) 


The per-user seen state is preserved. The server saves the Seen and 
Recent flags for the user. 


write (w) 


The user can modify flags and keywords other than Seen and Deleted 
(which are controlled by other sets of rights). 


insert (i) 


The user can insert new messages into the mailbox. 


post (p) 


The user can send mail to the submission address for the mailbox. This 
right differs from the i right in that the delivery system inserts trace 
information into submitted messages. 


create (c) 


The user can create new sub-mailboxes of the mailbox. 


delete (d) 


The user can store the Deleted flag, perform expunges, and delete. 


administer (a) 


The user can change the ACL on the mailbox. 


You can combine access rights in different ways. For example: 
Irs 


The user can read the mailbox. 


Irsp 


The user can read the mailbox and can post to it through the delivery 
system. Most delivery systems do not provide authentication, so the p 
right usually has meaning only for the anonymous user. 
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The user can see the mailbox and can read it, but the server does 
not preserve the Seen and Recent flags. This set of rights is useful 
primarily for anonymous IMAP. 


rs 


The user can read the mailbox and the server preserves the Seen and 
Recent flags, but the mailbox is not visible to the user through the 
various mailbox listing commands. The user must know the name of 
the mailbox to be able to access it. 


Irsip 


The user can read and append to the mailbox either through IMAP 
or through the delivery system. 


Any identifier may be prefixed with a dash (-) character. The associated 
rights are then removed from that identifier. These are referred to as 
negative rights. 


To calculate the set of rights granted to a user, the server first calculates the 
union of all rights granted to the user and to all groups of which the user is a 
member. The server then calculates and removes the union of all negative 
rights granted to the user and to all groups of which the user is a member. 
For example, in the following ACL, the user named Fred is granted the 
rights 1rswip and the user anonymous is granted the rights 1rp: 


anyone irsp 
fred lwi 
-anonymous s 


Regardless of the ACL on a mailbox, users who are listed in the admins 
configuration option of the /etc/imapd.conf file implicitly have the lookup 
and administer rights on all mailboxes. Users also implicitly have the lookup 
and administer rights on the INBox and all of their personal mailboxes. 


When a mailbox is created, its ACL starts with a copy of the ACL of its 
closest parent mailbox. When a user is created, the ACL on the user’s INBOX 
starts with a single entry granting all rights to the user. When a nonuser 
mailbox is created and does not have a parent, its ACL is initialized to the 
value of the defaultacl option in the /etc/imapd.conf file. 


13.5.9 Quotas 


You can use quotas to limit the system resources available to a user. The 
IMAP server supports quotas on storage. 
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A quota on storage is defined as the number of kilobytes of disk space that 
a user’s messages are permitted to consume. Each copy of a message is 
counted independently, even when the server can conserve disk space by 
making hard links to message files. The additional disk space overhead used 
by mailbox index and cache files is not charged against a quota. 


You can assign one quota on the overall space permitted for a user’s 
mailboxes or you can assign different quotas on selected branches of a user’s 
mailbox hierarchy. In either case, you apply the quota to the root of the 
mailbox hierarchy that you want to limit. The quota root encompasses any 
number of mailboxes in that hierarchy. Quotas on a quota root apply to the 
sum of the usage by all mailboxes at that level and below that level that is 
not part of a quota root on lower level, hence, each mailbox is limited by at 
most one quota root. 


Figure 13-7 shows an example of quota roots for a user named Hansen. 


Figure 13-7: Quota Roots 


user.hansen.personnel.issues 
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In Figure 13-7, the user Hansen has the following mail folders: 


user.hansen (INBOX) 

user. hansen.personnel 
user.hansen.personnel.reviews 
user.hansen.personnel.issues 
user.hansen.saved 
user.hansen.todo 
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The following quota roots in the quota/h directory restrict Hansen’s disk 
usage: 


user.hansen 
user.hansen.personnel 
user. hansen.personnel.issues 


The quota root user. hansen applies to the INBOX, saved, and 

todo mail folders. The quota root user. hansen.personnel 

applies to the personnel and reviews mail folders. The quota root 
user. hansen.personnel.issues applies only tothe issues mail folder. 
If the user. hansen.personnel and user.hansen.personnel.issues 
quota roots did not exist, the restrictions specified for the user . hansen root 
would apply to all mail folders in the user. hansen hierarchy (those mail 
folders with the user. hansen prefix). 


You can create quota roots by using the setquota command in the cyradm 
utility; however, you cannot delete quota roots with this utility. To removea 
quota root, you must remove the associated quota file. 


For a message to be inserted into a mailbox, the mailbox must have sufficent 
storage so that inserting the message will not exceed the quota root. This is 
always true of manual transfers from one folder to another, but mail delivery 
iS a special exception. If the limit is not exceeded when delivery starts, then 
the message is delivered regardless of its size. If delivery of the new message 
exceeds the folder’s quota, the imapd daemon informs the user and permits 
him or her to correct the problem. If mail delivery were not permitted in this 
case, the user would not know that mail cannot be delivered. 


When the quota root is exceeded, mail delivery fails with a temporary error. 
The system attempts delivery for a few days, providing the user time to 
notice and correct the problem. 


When a user selects a mail folder that is near or exceeds the quota, the 
server issues an alert to notify the user. You can use the quotawarn 
configuration option to set the threshold of usage at which the server issues 
quota warnings. The server issues warnings only when the user has rights 
to the folder because only users with rights can correct the problem. 


13.5.10 Partitions 


You can use partitions to store mailboxes in different parts of your file 
system. Hierarchies of mailboxes can be spread across multiple disks. You 
must use the cyradm utility to specify these alternate partitions; you cannot 
specify them from an IMAP mail application. 


When creating a new mailbox, specify the name of the partition for the 
mailbox as an argument to the createmailbox command in the cyradm 
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utility. If the partition is not specified, the mailbox inherits the partition of 
its parent mailbox. If the mailbox has no parent, it defaults to the partition 
specified in the defaultpartition configuration option. 


You can also change the partition of an exisiting mailbox by using the 
renamemailbox command in the cyradm utility. See cyradm(8) for more 
information. 


Note that quota roots are independent of partitions. A single quota root can 
apply to a mailbox hierarchy that spans multiple partitions. 


13.6 Mail Utilities 


The operating system includes the following mail utilities: 


The mail, binmail utility (the default) — Used by the sendmail 
utility to deliver mail locally. Because the mail utility has root setuid 
permission, it handles delivery of all mail to a user’s local mailbox 
located in the /var/spool/mail directory. Seethe Command and Shall 
User's Guideand mail(1). 


The mailx, Mail utility — A combination of the Berkeley Software 
Distribution’s (BSD) and UNIX System Laboratories, Inc.’s System 

V Release 4 (SVIDI) mail utilities. The mailx utility depends on the 
binmail utility for delivery to a user’s mailbox. It has more user 
features than the binmail utility. See the Command and ShdI User's 
Guide and mail(1). 


The dtmail utility — The default mail program in CDE. This utility 
uses sendmail as the transport and stores information in much the 
same way as the mailx utility. It also allows you to read POP3 mail, and 
offers support for MIME-encoded messages. See the Common Desktop 
Environment: User's Guideand dtmail(1). 


The message handler utility mh — It and its associated commands 

are included in the optional RAND Corporation Mail Handler subset 
(OSFMH). The message handler is composed of several shell commands 
where each command handles a specific function. For example, the inc 
command reads new mail and the comp command creates a message. 
Like the mailx utility, mh depends on the mail utility for delivery toa 
user’s mailbox. The mh utility provides a graphical interface with the xmh 
command. It also provides the Post Office Protocol (POP). See xmh(1Xx) 
and Section 13.4 for more information on xmh and POP, respectively 


Netscape Messenger — Part of the Netscape Communicator product, 
which is bundled with the operating system software. Messenger allows 
you toread mail from POP3 and|MAP4 mail servers. It also enables you 
to create rich HTML Email with embedded images, send MI ME -encoded 
attachments, encrypt and decrypt your messages for privacy, use filters 
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to organize your incoming messages into folders, and look up email 
addresses. For more information on the Netscape Communicator 
product, see netscape(1). 


For more information on sendmail, see sendmail(8), sendmail .c£(4), 
and sendmail .m4(8). 


13.7 Monitoring the Mail Queue 


Monitoring the mail queue enables you to determine the status of several 
types of networking operations, including jobs that have been queued on a 
local system for transfer to a remote system. General users and system 
administrators can monitor the mail queue. 


To display the contents of the mail queue, use the mailg command. This 
command lists the number of requests and the queue !D, the message size, 
the date the message entered the queue, and the sender and recipient for 
each request. Alternatively, you can usethe sendmail —bp command. 


See mailgq(1) for more information. 


If a major host is off line for a period of time, the number of entries in the 
queue might be quite large, causing the performance of the mail environment 
to suffer. To remedy this, you must archive the queue. See Section 13.8 

for information. 


The following example shows two requests in the mail queue: 


# mailq 

Mail Queue (2 requests) 
--QID-- --Size-- -----Q-Time----- ------------ Sender/Recipient------------ 
DA04956 1442 Tue Aug 24 10:12 <blaise> 


(Deferred) 
<corcoran@host1.corp.com> 
AA08618* (no control file) 


13.8 Archiving the Mail Queue 


When a major host is off line for a number of days, the mail queue might 
grow to be quite large. As a result, the sendmail utility spends a lot of 
time sorting the large queue, severely affecting the mail environment 
performance. Archiving the mail queue enables your mail environment to 
function normally while the major host is off line. To archive the mail queue, 
do the following: 

1. Login as root. 

2. Changetothe /var/spool directory by using the cd command. 

3. Stop the sendmail utility by entering the following command: 


# /sbin/init.d/sendmail stop 
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4. Verify that the sendmail utility is not running by entering the following 
command: 


# ps -e | grep sendmail 


5. Verify that no sendmail child processes are running by entering the 
following command: 


# ps -e | grep queue 


If any processes in the list are related to sendmail, for example, they 
include message queue | Ds, it is best to wait until these processes are 
finished before moving the queue; otherwise, you might corrupt the 
queue data. 


6. Movethe mqueue directory to the old.mqueue directory by using the 
mv command. 


Makea new mqueue directory by using the mkdir command. 


Change the directory’s permission code to 775 by using the chmod 
command. 


9. Restart the sendmail utility by using the following command: 


# /sbin/init.d/sendmail restart 


After the major host returns on line, process the old mail queue by using the 
following command: 

# /usr/sbin/sendmail -—oQ/var/spool/old.mqueue -q 

When the queue is empty, remove it by using the following command: 


# rm -r /var/spool/old.mqueue 


13.9 Administering and Distributing Alias Information 


Depending on how you choose to administer and distribute alias information 
on standalone or server systems, there are three ways to provide alias 
information for use in the mail environment: 


¢ /var/adm/sendmail/aliases file 
¢« NIS aliases database 


e Lightweight Directory Access Protocol (LDAP) 
By default, the /var/adm/sendmail/aliases file permissions code is 644. 
This means that global users cannot change and write the changes tothe file. 


While this creates a reasonably secure system, it leaves the maintenance of 
the list of global users up to the system administrator. 
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You can distribute responsibility for maintenance by doing the following: 
1. Createa local alias file for a global maintainer in a directory. Both the 
file and the directory must be accessible by another maintainer. 


2. Create an entry in the /var/adm/sendmail/aliases file that 
includes the additional alias file. The entry has the following form: 


alias name: :include: filename 
The filename is the full path name and file name of the alias file. 
3. Build anew version of the alias file by using the newaliases command. 


See aliases(4) for more information. 


Optionally, you can use NIS to administer and distribute alias information 
for use in the mail environment. To use the NIS aliases database, do the 
following: 


1. Install and configure NIS, if this is not already done, by using the 
nissetup script. 


2. Edit the svc.conf file by using the svcsetup script, and modify the 
aliases entry to include yp (NIS). 


3. Edit the NIS aliases map toindude the alias information you want. 


See Chapter 9 for information on configuring NIS and Section 9.4.5 for 
information on updating an NIS map. 


Lastly, you can also use LDAP to administer and distribute alias information 
for use in the mail environment. LDAP might be the best choice for 
maintaining alias information when your alias database is too large or you 
have many systems in the network sharing the same information. 


To use LDAP for maintaining alias information, do the following: 


1. Configure LDAP server and create the proper schema for your 
environment. You may configure LDAP service on the mail server or, 
preferably, on an independent system. See sendmail .m4(8) and your 
LDAP server documentation for more information. 


2. Create two attributes in your schema: one for the user’s mail address 
and another for the user’s alias. 


3. Manually edit the hostname.m4 filein the /var/adm/sendmail 
directory and make the following changes: 
a. Set LDAPMap to {T} to enable lookups. 


b. Set LDAPParam to define the map and its argument list. See 
sendmail .m4(8) for details. 
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4. Switch tothe /var/adm/sendmail directory and execute the following 
command: 


# make -f Makefile.cf.hostname 


5. Renamethe hostname.cf file to sendmail.cf, as follows: 


# mv hostname.cf sendmail.cf 


6. Restart the sendmail daemon by issuing the following command: 


# /sbin/init.d/sendmail restart 


Note that you need to perform steps 3-6 each time you configure mail with 
the mailsetup or the mailconfig utilities. 


13.10 Displaying Mail Statistics 


You can display statistics about mail traffic on your system by using the 
mailstats command as follows: 


# /usr/sbin/mailstats 


At any time, you can initialize the statistics file by issuing the following 
commands: 


# cp /dev/null /var/adm/sendmail/sendmail.st 
# chmod 666 /dev/null /var/adm/sendmail/sendmail.st 
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14 


Simple Network Management Protocol 


This chapter describes the Simple Network Management Protocol (SNMP) 
implementation on a Tru64 UNIX system. 


The Simple Network Management Protocol (SNMP) is the de facto industry 
standard for managing Transmission Control Protocol/I nternet Protocol 
(TCP/IP) networks. The protocol defines the role of a Network Management 
Station (NMS) and the SNMP Agent, allowing remote users on an NMS to 
monitor and manage TCP/IP network entities. 


Note 
Tru64 UNIX does not implement the NMS software. 


Tru64 UNIX provides the snmpd daemon as the SNMP agent. This daemon 
is started at boot time. For information on how to set up and configure the 
snmpd daemon, see snmpd(8). 


The operating system includes two SNMP subagents: 


* os mibs — Implements industry-standard management information 
base (MIB) support, induding MIB II, the FDDI MIB, the Token Ring 
MIB, the Host Resources MIB, and an Ethernet-like Interfaces MIB. 
See os_mibs(8) for a list of the related RFCs and Appendix G for a 
description of the Host Resources MIB implementation. 


* cpq mibs — Implements MIBs that are specific to the Tru64 UNIX 
operating system. See os_mibs(8) for more information about these 
MIBs. 


These subagents are started and stopped automatically in conjunction with 
the snmpd daemon. Together, they provide the SNMP data required by the 
Insight Manager daemon, insightd, for managing Tru64 UNIX systems via 
the web. For more information, see insight d(8) and insight _manager(5). 


See the Network Programmer's Guide for information on registering 
applications with the SNMP agent. 
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Part 2 


Problem Solving Information 


15 


Solving Network and Network Services 
Problems 


This chapter contains a diagnostic map to help you solve problems that 
might occur when you use the network and network services software. Use 
this chapter together with the appropriate Compaq documentation to solve 
as many problems as possible at your level. 


15.1 Using the Diagnostic Map 


Network and network service problems can occur for a number of reasons. 
The diagnostic map in this chapter helps you to isolate the problem. The 
following figure explains how to use the diagnostic map: 


The left-hand column eB nets 
asks questions about : 
the status of specific =P) _ 
events that occur as 2 —— 
you use the system. 


The right-hand column 
diagnoses negative 
responses to those 
questions. 


After you isolate the problem, the map refers you to other chapters for 
instructions on using the various problem solving tools and utilities. 
The map also refers you to other manuals for more complete diagnostic 
information for particular devices and software products. 


You could experience problems that are not documented in this manual 
when you use base system network and network services software with 
other layered products. See the documentation for the other products for 
additional information. 
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15.2 Getting Started 


Before you start problem solving, ensure that the communications hardware 
is ready for use. Verify the following: 


¢« Thesystem’s physical cable connections (the Ethernet connection and the 
transceiver connection) are properly installed. See the documentation for 
your system and communications hardware device. 


e Event logging is enabled in order to monitor network events. See 
Systen Administration for information on starting event logging and for 
descriptions of the event messages. 


Also see the product release notes for up-to-date information on known 
problems. 


For solving |Pv6 network problems, you must also be familiar with the 
following terms before you start problem solving: 


on-link node 
An on-link node is attached to the same subnetwork as your system. 
This subnetwork can bea LAN, a serial connection running PPP, or an 
IPv6 over |Pv4 configured tunnel. There are no! Pv6 routers between 


your system and the on-link node. For the configured tunnel, the 
on-link node is the node at the destination end of the tunnel. 


off-link node 


An off-link node is not attached to the same subnetwork as your 
system. Thereis at least one!Pv6 router between your system and 
the off-link node. 


In Figure 3-3, if your system were Host A, Host B is an on-link node, and 
Host C and Host D are off-link nodes. 


Table 15-1 helps you identify a starting point in the diagnostic map. 


Table 15-1: Problem Solving Starting Points 


If your problem is: Start here: 

uucp command error Section 15.13 

Network command error Section 15.15, if using a SLIP connection 
Section 15.16, if using a PPP connection 
Section 15.3 
Section 15.4 
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Table 15-1: Problem Solving Starting Points (cont.) 


If your problem is: Start here: 
Connecting to an ATM Section 15.5 
network Section 15.5.1, if using Classical | P 


Section 15.5.2, if using LANE 
Section 15.5.3, if using |P switching 


Section 15.3 
Section 15.4 
Obtaining an IP address Section 15.6 
using DHCP Section 15.3 
Section 15.4 


Correcting system time when Section 15.14 
you are using NTP 


Getting host name Section 15.8, if you are using DNS/BIND 
information Section 15.10, if you are using NIS 
Accessing files Section 15.12, if you are using NFS 
Section 15.3 
Section 15.4 
Connecting to a host Section 15.17 
using LAT 
Unknown errors Section 15.3 
Unknown IP v6 errors Section 15.4 
Sending or receiving mail Section 15.18 


Section 15.19, if you are using POP or IMAP mail 
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15.3 Solving IPv4 Network Problems 


Turn on the power to your system. See the system manual for your 
System on? system's startup procedure and any problem solving information. 


If you arerunning Network Information Service (NIS) and your system 
\ hangs after the NIS daemons are started and before it mounts remote 
without errors? » file systems, no NIS server is available to respond to the ypbind 
request. If you know there is an NIS server for your domain, wait until 
the server responds; the boot procedure will continue. 


If thereis a Local Area Transport (LAT) problem, the following message 
is displayed: 


getty: cannot open "/dev/ttyxx" 


See the solutions for solving LAT problems in Section 15.17. 


If your system is a Network File System (NFS) client and it hangs while 
mounting a remote file system or directory, complete the following steps: 


1. Inspect the cable and connection between your system and the 
network. 


2. Wait until all the servers listed in the /etc/fstab file are 
available on the network; your system will then continue booting. 


3. If you want your system to continue booting even if an NFS server 
is down, do the following: 
a. Halt the system. 


b. Boot the system to single-user mode and run the fsck 
command on the local file systems. 


c Edit the /etc/fstab file and add the bg (background) option 
to the server entries. See Chapter 10 for the correct format of 
an fstab entry with the bg option. 


d. Reboot the system with the following command: 


# /sbin/reboot 


If the bg option is specified in the fstab file entry, the remote 
file system or directory is automatically mounted when the 
server is running and begins functioning as an NFS server. 


15-4 Solving Network and Network Services Problems 


Follow these steps to see if your network is configured: 
Network \ 
configured? 1. If your system is new to this environment and you recently 
configured it for use on a network, verify that the network adapter 
mode is set correctly at the console level. For example, if you have 
a 10base2 Ethernet network and your system is configured to use 
10baseT Ethernet, your system fails to see the network until you 
set the appropriate console variable. See the prerequisite tasks for 
a full installation in the Installation Guide for more information. 


2. Usethercmgr utility to display the value of the NUM_NETCONFIG 
entry in the /etc/rc.config file: 


# remgr get NUM NETCONFIG 


If the value is 0, run the SysMan Menu utility to configure your 
network. See Section 2.3 for more information. 


Verify that the network daemon (inetd) is running. Enter the 
\ following command: 


Network daemons 
started? 


# ps -e | grep inetd 


If no inetd daemon is running, start it, using the following command: 


# /sbin/init.d/inetd start 


\ If a remote host’s network is not reachable, the following message is 
Network displayed: 


reachable? 
network is unreachable 


Complete the following steps: 


1. Ensure that the network devices are configured properly on the 
local host, using thenetstat -i command. See Section 2.3 for 
information on configuring network devices. 


2. Verify that the routing tables on the local host are correct, using 
thenetstat —r command. 


3. Trace the path looking at each Internet Protocol (IP) router’s 
routing tables to find an entry for the remote host’s network. 
Repair the incorrect IP router’s routing tables. (This step requires 
a thorough knowledge of your topology.) 


4. Verify that the local host’s address-to-name translation for the 
remote host is correct. See the solutions for Host known?. 


5. Inspect the routers along the path to the remote host to determine 
whether they have security features enabled that prevent you from 
reaching the remote host. 
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If a remote host is not known, the following message is displayed: 


: \ 


Complete the following steps: 


Lesh 7 


Verify that the user is trying to reach the remote host using a valid 
host name. 


Verify that the remote host is in another name domain and that 
the user specified the full domain name. 


If your site uses the Domain Name System (DNS) for 
name-to-address translation, look in the /etc/svc.conf file to 
see if bind is specified as a service for the hosts database entry. 
If it is not, edit the file and add it. Also, verify that the DNS 
service has information about the remote host. See the solutions 
for solving DNS/BIND dient problems in Section 15.8. 


If your site uses NIS name service for name-to-address translation, 
look in the /etc/svc.conf file to see if yp (NIS) is specified as a 
service for the hosts database entry. If it is not, edit the file and 
add it. Also, verify if the NIS service has information about the 
remote host. See the solutions for solving NIS client problems in 
Section 15.10. 


If your /etc/svc.cont file lists local as the only 
name-to-address translation mechanism, the /etc/hosts file 
does not have information on the remote host. See Systen 
Administration for more information. 


If a remote host is not reachable, the following message is displayed: 


> WN 
HpSt regcnanley \ host is unreachable 


Complete the following steps: 


Inspect the cabling between the local host and the network. 
Verify that the remote host is running, using the ping command. 


Make sure that the network devices are configured properly on the 
local host, using thenetstat -i command. See Section 2.3 for 
information on configuring network devices. 


Verify that the routing tables on the local host are correct, using 
thenetstat —r command. Use the ping command to determine 
whether the IP router is reachable. 


Verify that the local host’s address-to-name translation for the 
remote host is correct. See the solutions for Host known?. 


Inspect the routers along the path to the remote host to determine 
whether they have security features enabled that prevent you from 
reaching the remote host. 


15-6 Solving Network and Network Services Problems 


If a file cannot be accessed using the rcp or rsh commands, the 
\ following message is displayed: 


File access 
successful? 


permission denied 


Complete the following steps: 


1. Verify that the user is intended to have access to the remote host. 
The remote host might be intentionally preventing remote access. 


2. Verify that the correct host and user definitions exist in the user's 
.rhosts file on the remote host. 


3. Verify that the /etc/hosts. equiv file is set up correctly. 


Verify that the directory and file protection on the files to be copied 
or the . rhosts file on the remote system are correct. 


If you are using NFS, go to Section 15.12. 


\ If the connection is broken, the following message is displayed: 


Connection 


stays up? \ connection timed out 


Complete the following steps: 


1. Test the network to determine whether the problem is on the local 
host, remote host, or a host on the path between the two. See 
Chapter 16 for more information on testing the network. 
2. After you identify the host with the problem, do the following: 
a. Confirm that the network device is properly configured. Verify 


that the broadcast address and address mask for the local host 
are correct. See Section 2.3 for information on configuring 


Problem still exists? Report it to network devices. 
your service representative. See b. Makesure the local host’s /etc/hosts file has the correct 
Chapter 18. IP address for the local host. 


c. Makesure the cabling from the local host to the network is 
intact and properly connected. 


d. If connected over a local area network (LAN), verify that the 
Address Resolution Protocol (ARP) entries are correct and 
that the system is properly connected to the LAN. 


e. If connected over a wide area network (WAN), verify that 
the system is properly connected to the WAN and that the 
modems are working properly. 
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15.4 Solving IPv6 Network Problems 


Turn on the power to your system. See the system manual 
System on? wo for your system’s startup procedure and any problem solving 
— information. 


\ If you see network-related errors or warnings during boot, 
System booted \ complete the following steps: 
without errors? 
1. Disable |Pv6 during system boot by issuing the following 


command: 

# remgr set IPV6 "no" 

Reboot the system. If the problems persist, go to Section 15.3. 
Start | Pv6 by issuing the following command: 

# /usr/sbin/rcinet inet6 


If the problems reappear, look in the /etc/rc.config, 
/etc/ip6rtrd.conf, and /etc/routes files for possible 
errors. 


Enter the following command: 


IPv6 support in 


kernel? 


\ Verify that the | Pv6 support you want is configured in the kernel. 
ko) 


# sysconfig -s ipvé | grep configured 


kernel. Reconfigure the kernel by using the doconfig command. 
See Section 3.4.1 for more information. 

If you want to use configured tunnels, verify that the! P tunneling 
support is configured in the kernel. Enter the following command: 


Lesh If nothing is displayed, the IPV6 option is not configured in the 


# sysconfig -s iptunnel | grep configured 


If nothing is displayed, the |PTUNNEL option is not configured 
in the kernel. Reconfigure the kernel by using the doconfig 
command. See Section 3.4.1 for more information. 
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\ Verify that IP v6 is configured to start on system boot by issuing 
IPv6 configured? \ the remgr get IPV6 command. If|IPv6 is configured, the word 
yes appears. 


If |Pv6 is not configured, usethe ipé setup utility. See 


Lesh Section 3.5 for information on setting up an | Pv6 host or router. 
Verify that | Pv6 was started by issuing the following command: 
# ping ::1 


If thehost is unreachable message appears, start IPv6 by 
Lesh issuing the following command: 

# /usr/sbin/rcinet start inet6 
Go to Section 15.4.1 for — This creates and brings up the I Pv6 interfaces, and starts the 
IPv6 host problems or |Pv6 daemons. 


Section 15.4.2 for IPv6 
router problems. 
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15.4.1 Solving IPv6 Host Problems 


IPv6 daemons 
started? 


he 


XS 


Verify that the ndéhostd daemon is running by issuing the 
. following command: 


# ps ax | grep ndé6éhostd 


If the daemon is not running, verify that your system is 
configured as an | Pv6 host by issuing the following command: 


# remgr get ND6HOSTD 


If the word yes is not displayed, run the ipé setup utility and 
configure your system as an |Pv6 host. Then, restart |Pv6 with 
the following command: 


# /usr/sbin/rcinet restart inet6 


If the word yes is displayed, enable debugging for the ndéhostd 
daemon with the following command: 


# remgr set ND6HOSTD FLAGS "-d -1 /usr/tmp/ndéhostd.1log" 


Then, restart | Pv6. 


If a remote node is not known, the following message appears: 


unknown host 


Complete the following steps: 


1. 


Verify that the user is using a valid node name to reach the 
remote node. 


Verify that the remote node is in another name domain and 
that the user specified the full domain name. 


If your site uses the DNS/BIND name service for 
name-to-address translation, look in the /etc/svc.conf 
file to see if bind is specified as a service for the hosts 
database entry. If it is not, configure your system as a 
DNS/BIND client. See Section 8.5.6 for more information. 


Verify that your system is running | Pv4. If it is not, use the 
local /etc/ipnodes file for name-to-address translations. 


Also, verify that the DNS/BIND service has information 
about the remote node. See the solutions for solving BIND 
client problems in Section 15.8. 
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4. \f your site uses only NIS name service for name-to-address 
translation, you need to use another service for node names 
because NIS does not support | Pv6 addresses. 


Edit the /etc/svc.conf file and add either bind 
(DNS/BIND) or local (/etc/ipnodes file) as the service 
for the hosts database, depending on which service has the 
information about the remote node. 


5. If your /etc/svc.conf file lists local as the only 
name-to-address translation mechanism, edit the 
/etc/ipnodes file and verify that the node name and 
address are present and accurate. Make any necessary 
additions or corrections. 


Also, verify that there are no formatting errors in previous 
lines in the file. Beginning with the first entry, issue the 
ping command to each node to locate any formatting errors. 


If an on-link node is not reachable, one of the following messages 
can appear: 


On-link node 
reachable? 


> 


host is unreachable 
network is unreachable 
timeout 


Verify that an on-link host or router, if one exists, is reachable 
by using the ping command. If the command fails or if there are 
frequently dropped packets, complete the following steps: 


1. If thenode is attached toa LAN, look at the datalink counters 
by using thenetstat -I device -s command. The 
counters to look at and their possible causes are as follows: 


e Zero blocks sent or received can indicate a network 
hardware failure or wiring problem. 


¢ High collision rates can indicate an improperly wired 
network or a node sending excessive message traffic. 


¢ Data overrun and buffer unavailable errors indicate your 
system is misconfigured. 
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2. Look atthelPv6éand!ICMPv6 counters with thenetstat -p 
ipvé andnetstat -p ipv6é-icmp commands, respectively. 
The counters and their possible causes: 


e Packets discarded due to error or errors generated 
due to|CMP errors indicate another node generating 
invalid messages. Other counters show more specific 
information. 


e Allocation errors can indicate excessive message traffic, 
a misconfigured system, or a program that repeatedly 
allocates memory without freeing it. 


3. Verify that |Pv6 network interfaces exist, are UP, and have 
ineté addresses by using the ifconfig -a command. 
If they do not, verify that the configuration variables in 
the /etc/rce.config file are correct. Run the ip6é_ setup 
utility to correct any errors. 


Also, look for ndéhostd errors in the /var/adm/sys- 
log.dated/current/daemon.1log file. See Section 16.10 
for more information. 


If your interface does not have a global or site-local address, 
contact your network administrator to verify that your local 
router is advertising a prefix on the link. If there is no 
local router, you can define a prefix by using the ifconfig 
command (see Section 3.6.5). 


4. Contact the on-link system's administrator and verify that 
the on-link system is up and running, that it is configured 
for IPv6 correctly, and that the address you are using is 
enabled on the node's interface. 


5. Issue the ping command to the on-link node's |Pv4 address, 
if |Pv4 is configured on both systems. If this succeeds, verify 
the IPv6 configuration on both systems. If the command 
fails, see the solutions for solving |Pv4 network problems 
in Section 15.3. 


6. Issue the ping command to other nodes on the link to 
determine whether the failure is confined to just one node or 
multiple nodes. Partial connectivity might indicate a faulty 
network device or cable on the link. 


7. If thelink is a configured tunnel, do the following: 


a. Verify the tunnel source and destination addresses 
by using the ifconfig -a command. Contact the 
tunnel destination node's administrator and verify 
that your source/destination addresses match the 
destination/source addresses on that node. 


b. Issue the ping command to the tunnel destination 
address. If the command fails, see the solutions for 
solving |Pv4 network problems in Section 15.3. 
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Off-link node 
reachable? 


\ If an off-link node is not reachable, one of the following messages 
io) can appear: 


host is unreachable 
network is unreachable 
timeout 


Verify that an off-link node is reachable by issuing the ping 
command. If there is 100% packet loss, complete the following 
steps: 


1. Verify connectivity between your system and an on-link 
router by using the ping command. If the command fails 
or shows frequently dropped packets, follow the steps for 
On-link node reachable?. If you do not know the address to 
a router, issue the following command: 


# ping -I interface ff02::2 


2. Verify that the interface over which you are sending 
messages has a global or site-local unicast address enabled 
by using the ifconfig -a command. If it does not, contact 
your network administrator to verify that your local router is 
advertising a prefix on the link. 


If the link is a configured tunnel and the router is not 
advertising an address prefix, manually define one for the 
tunnel by using the ip6é_ setup utility. See Section 3.5.1 
for more information. 


3. Contact the remote system's administrator to verify that the 
system is up and running, that it is configured for |Pv6, and 
that the IPv6 address on its interface is the same as you 
are using. If the address is different, look in your system's 
/etc/ipnodes file or have the remote system administrator 
verify that the DNS entry is correct. 


4. Verify that there is a default route (with U and G flags set) to 
a router on the network by issuing thenetstat -rf ineté 
command. If not, contact the router administrator to verify 
that the router is advertising itself as a default router. 


Also, look at other routers to see if your messages are getting 
directed on the wrong path. 


5. Trace the path to the off-link node by using the traceroute 
command. See Section 16.5 and traceroute(8) for more 
information. 
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If there are frequently dropped packets, this might indicate 
network congestion or an intermittent routing problem. Do the 
following: 


1. Verify connectivity between your system and an on-link 
router by using the ping command. 


2. Trace the path to the off-link node by using the traceroute 
command. See Section 16.5 and traceroute(8) for more 
information. 


Your node 
reachable? 


\ If someone reports a problem reaching your node from another 
ho) node, complete the following steps: 

1. Verify that their node is reachable by issuing the ping 
command. If the command fails, follow the steps for On-link 
node reachable? or Off-link-node reachable?, depending on 
the location of the node. 


2. If they are using a name from the DNS database, verify that 
the address for your node in the DNS database matches one 
of the addresses configured on your system's interfaces. 
Use thenslookup -type=AAAA node-name command 
to retrieve the address from DNS and the ifconfig -a 
command to display addresses for your system. 


3. If they are using an address defined in their local 
/etc/ipnodes file, compare that address with the 
addresses configured on your system's interfaces. Use the 
ifconfig -a command. 


Connection your application, the following message might appear: 


accepted? 


\ If a remote node is not configured to accept a connection from 
ho) 


connection refused 


Contact the remote node’s system administrator and ask if 
the correct socket-based service definitions are defined in the 
/etc/services and /etc/inetd.conf files. They might be 
missing or commented out. 


Verify that the service in the local /etc/inetd.conf file has 
either tcpé or udpe in the protocol field. 
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Connection . 
stays up? 


Problem still exists? 
Report it to your service 
representative. See 
Chapter 18. 


If the connection terminates abnormally or a network application 
appears to hang, complete the following steps: 


1. 


Verify that there is network connectivity to the remote node 
by using the ping command immediately after the failure. 


If the ping command fails or shows a high rate of packet 
loss, follow the steps for either On-link node reachable? or 
Off-link node reachable?, depending on the location of the 
remote node. 


If your application transfers a large amount of data over the 
network, verify if large or fragmented messages are being 
handled correctly by using the ping -s 2000 nodename 
command. 


If the ping command fails, trace the path to the remote node 
with 1200-byte packets by usingthetraceroute nodename 
1200 command. All IPv6 links must support message 

sizes of at least 1280 bytes. This command might show the 
location of the problem in the network. See Section 16.5 and 
traceroute(8) for more information. 


Run the application with different client and server nodes 
located on different links in the network. 
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15.4.2 Solving IPv6 Router Problems 


IPv6 daemons 
started? 


eee | 


<S 


Verify that the ipé6rtrd daemon is running by issuing the 
. following command: 
# ps ax | grep ip6rtrd 


If the daemon is not running, verify that your system is 
configured as an |Pv6 router by issuing the following command: 


# remgr get IP6éRTRD 


If the word yes is not displayed, run the ipé setup utility and 
configure your system as an |Pv6 router. Then, restart |Pv6 with 
the following command: 


# /usr/sbin/rcinet restart inet6 


If the word yes is displayed, enable debugging for the ipértrd 
daemon with the following command: 


# remgr set IP6RTRD FLAGS "-d -1 /usr/tmp/ip6rtrd.log 
/etc/ip6rtrd.conf" 


Then, restart | Pv6. 


1. 


Nunknown host 


; If a remote node is not known, the following message appears: 


Complete the following steps: 


Verify that the user is using a valid node name to reach the 
remote node. 


Verify that the remote node is in another name domain and 
that the user specified the full domain name. 


If your site uses the DNS/BIND name service for 
name-to-address translation, look in the /etc/svc.conf 
file to see if bind is specified as a service for the hosts 
database entry. If it is not, configure your system as a 
DNS/BIND client. See Section 8.5.6 for more information. 


Verify that your system is running | Pv4. If it is not, use the 
/etc/ipnodes file for name-to-address translation. 


Also, verify that the DNS/BIND service has information 
about the remote node. See the solutions for solving BIND 
client problems in Section 15.8. 
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4. If your site uses only NIS name service (yp) for 
name-to-address translation, you need to use another service 
for node names as N1IS does not support | Pv6 addresses. 


Edit the /etc/svc.coné file and add either bind 
(DNS/BIND) or local (/etc/ipnodes file) as the service 
for the hosts database, depending on which service has the 
information about the remote node. 


Also, verify that there are no formatting errors in previous 
lines in the file. Beginning with the first entry, issue the 
ping command to each node to locate any formatting errors. 


5. If your /etc/svc.conf file lists local as the only 
name-to-address translation mechanism, edit the 
/etc/ipnodes file and verify that the node name and 
address are present and accurate. Make any necessary 
additions or corrections. 


If an on-link node is not reachable, one of the following messages 
can appear: 


On-link node 
reachable? 


> 


host is unreachable 
network is unreachable 
timeout 


Verify that an on-link host or router, if one exists, is reachable 
by using the ping command. If the command fails or if there are 
frequently dropped packets, complete the following steps: 


1. If thenode is attached toa LAN, look at the datalink counters 
by using thenetstat -I device -s command. The 
counters to look at and their possible causes are as follows: 


e Zero blocks sent or received can indicate a network 
hardware failure or wiring problem. 


¢ High collision rates can indicate an improperly wired 
network or a node sending excessive message traffic. 


¢ Data overrun and buffer unavailable errors indicate your 
system is misconfigured. 


Solving Network and Network Services Problems 15-17 


2. Look atthelPv6and!ICMPv6 counters with thenetstat -p 
ipvé andnetstat -p ipv6é-icmp commands, respectively. 
The counters to look at and their possible causes are as 
follows: 


e Packets discarded due to error or errors generated 
due to|CMP errors indicate another node generating 
invalid messages. Other counters show more specific 
information. 


e Allocation errors can indicate excessive message traffic, 
a misconfigured system, or a program that repeatedly 
allocates memory without freeing it. 


3. Verify that |Pv6 network interfaces exist, are UP, and have 
ineté addresses by using the ifconfig -a command. 
If they do not, verify that the /etc/rce.config and 
/etc/ipértrd.conf files are correct. 


Also, look for ipértrd errors in the /var/adm/sys- 
log.dated/current/daemon.1log file. See Section 16.10 
for more information. 


Run the ip6_setup utility to correct any errors. 


4. Contact the on-link system's administrator and verify that 
the on-link system is up and running, that it is configured 
for IPv6 correctly, and that the address you are using is 
enabled on the node's interface. 


5. Issue the ping command tothe on-link node's |Pv4 address, 
if |Pv4 is configured on both systems. If this succeeds, verify 
the IPv6 configuration on both systems. If the command 
fails, see the solutions for solving |Pv4 network problems 
in Section 15.3. 


6. Issue the ping command to other nodes on the link to 
determine whether the failure is confined to just one node or 
multiple nodes. Partial connectivity might indicate a faulty 
network device or cable on the link. 


7. If thelink is a configured tunnel, do the following: 


a. Verify the tunnel source and destination addresses 
by using the ifconfig -a command. Contact the 
tunnel destination node's administrator and verify 
that your source/destination addresses match the 
destination/source addresses on that node. 


b. Issue the ping command to the tunnel destination 
address. If the command fails, see the solutions for 
solving |Pv4 network problems in Section 15.3. 
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Off-link node 
reachable? 


\ If an off-link node is not reachable, one of the following messages 
io) can appear: 


host is unreachable 
network is unreachable 
timeout 


Verify that an off-link node is reachable by issuing the ping 
command. If there is 100% packet loss, complete the following 
steps: 


1. Verify connectivity between your system and the next router 
in the path to the off-link node by using the ping command. 
If the command fails or shows frequently dropped packets, 
follow the steps for On-link node reachable?. 


2. Verify that the interface over which you are sending 
messages has a global or site-local unicast address enabled 
by using the ifconfig -a command. If it does not, 
verify that the interface address prefixes defined in the 
/etc/ipé6értrd.conft file (see ip6rtrd.conf(4)) are 
correct. Run the ip6_ setup utility to correct any prefix 
errors. 


3. Contact the remote system's administrator to verify that 
the system is up and running, that it is configured for | Pv6, 
and that the IPv6 address on its interface is the same as 
the address that you are using. If the address is different, 
look in the hosts database. 
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4. Verify that there is a specific route to the next router in 
the path to the remote node by issuing the netstat -rf 
ineté command. If the route is missing or incorrect, verify 
that the routes in /etc/routes and the address prefixes in 
/etc/ip6rtrd.conf are correct. 


If your site uses RIPng, verify that RIP is enabled in the 
/etc/ipé6rtrd.conf file. If it is, contact the administrator 
of the next router to verify that RIP is enabled. 


5. Trace the path to the off-link node by using the traceroute 
command. See Section 16.5 and traceroute(8) for more 
information. 


If there are frequently dropped packets, this might indicate 
network congestion or an intermittent routing problem. Do the 
following: 


1. Verify connectivity between your system and an on-link 
router by using the ping command. 


2. Tracethe path to the off-link node by using the traceroute 
command. See Section 16.5 and traceroute(8) for more 


information. 
|Pv6 hosts generate their global and site-local unicast addresses 
ee \ automatically using address prefixes provided by a router on 
autoconfiquted? )the link. If an on-link node cannot autoconfigure its addresses, 


complete the following steps: 


1. Verify that the host is reachable from your router by using 
the ping command and specifying the host’s link-local 
address. If the command fails or shows a high rate of packet 
loss, follow the steps for On-link node reachable?. 


2. Edit the /etc/ipé6rtrd.conf file and verify that the 
router is configured to advertise the correct prefixes and 
that the timers are reasonable. See Section 3.6.11 and 
ipértrd.conf(4) for more information. 
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Messages 
forwarded? 


If another network user reports that message transmission 
ie appears to be failing at your router, complete the following steps: 

1. Obtain the source and destination addresses of the message 
that your router is not forwarding. Then, verify that your 
router can reach each node by using the ping command. If 
either command fails or shows a high rate of packet loss, 
follow the steps for On-link node reachable? or Off-link node 
reachable?, as applicable. 


2. If your router is running the RIPng protocol, verify that 
the | Pv6 router daemon is running by issuing the following 
command: 


# ps ax | grep ip6rtrd 


If itis running, edit the /etc/ipé6rtrd.conft file and verify 
that the RI Png protocol is enabled on each I Pv6 link. If it is 
not, your node may not be propagating routes correctly. 


3. Makesure that you are not using manual routes on some 
interfaces and RIPng routes on other interfaces. Manual 
routes defined in the /etc/routes file do not get propagated 
to other routers with RIPng. 


Your node 
reachable? 


If someone reports a problem reaching your node from another 
he node, complete the following steps: 

1. Verify that their node is reachable by issuing the ping 
command. If the command fails, follow the steps for On-link 
node reachable? or Off-link-node reachable?, depending on 
the location of the node. 


2. If they are using a name from the DNS database, verify that 
the address for your node in the DNS database matches one 
of the addresses configured on your system's interfaces. 
Usethenslookup -type=AAAA node-name command 
to retrieve the address from DNS and the ifconfig -a 
command to display addresses for your system. 


3. If they are using an address defined in their local 
/etc/ipnodes file, compare that address with the 
addresses configured on your system's interfaces. Use the 
ifconfig -a command. 
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\ If a remote node is not configured to accept a connection from 
Connection \ your application, the following message might appear: 
accepted? 
connection refused 
Contact the remote node’s system administrator and ask if 
the correct socket-based service definitions are defined in the 
/etc/services and /etc/inetd.conf files. They might be 
missing or commented out. 


Verify that the service in the local /etc/inetd.conf file has 
either tcpé or udpé in the protocol field. 


\ If the connection terminates abnormally or a network application 
Connection \ appears to hang, complete the following steps: 
stays up? 


1. Verify that there is network connectivity to the remote node 
by using the ping command immediately after the failure. 
Lesh If the ping command fails or shows a high rate of packet 
loss, follow the steps for either On-link node reachable? or 


Off-link node reachable?, depending on the location of the 
remote node. 


2. If your application transfers a large amount of data over the 
network, verify if large or fragmented messages are being 
handled correctly by using the ping -s 2000 nodename 

Problem still exists? command. 

Report it to your service 

representative. See 

Chapter 18. 


If the ping command fails, trace the path to the remote node 
with 1200-byte packets by usingthetraceroute nodename 
1200 command. All IPv6 links must support message 

sizes of at least 1280 bytes. This command might show the 
location of the problem in the network. See Section 16.5 and 
traceroute(8) for more information. 


3. Run the application with different client and server nodes 
located on different links in the network. 
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15.5 Solving ATM Problems 


ATM subsets 
installed? 


ATM configured 
in kernel? 


Verify that the ATM subsets are installed. Enter the following 
command: 


# setld -i | grep OSFATM 
The following messages is displayed: 


OSFATMnnn installed ATM Commands 

(Network-Server/Communications) 

OSFATMBINnnn installed ATM Kernel 
Modules (Kernel Build Environment) 

OSFATMBINCOMnnn installed ATM Kernel 
Header and Common Files 

(Kernel Build Environment) 

OSFATMBINOBJECTnnn installed ATM Kernel 
Objects (Kernel Software Environment) 


If the OSFATM, OSFATMBIN, and OSFATMBINCOM subsets are 
not installed, install them by using the set1d command. See 
System Administration for information on installing the subset. 


Verify that the ATM support you want is configured in the 
kernel. Enter the following command: 


# sysconfig -q atm 


If nothing is displayed, ATM is not configured in the kernel. 
Reconfigure the kernel with the ATM option and additional 
ATM options as needed. See Section 4.2.2 for a list of ATM 
kernel options and for information on reconfiguring the kernel. 
If ATM is configured in the kernel, use the sysconfig 

-q command to verify that other ATM kernel options are 
configured. Reconfigure the kernel with additional options as 
needed. 
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Verify that the driver is configured by using the atmconfig 
ATM driver , drvlist command. If the driver is configured, information 
configured? similar to the following is displayed: 


Name: 1ta0d Type: STS-3 State: UP 
Driver ID: 1 ESIs: 8 PPAs: 9 VCs: 6 


If an entry for the driver does not exist, use the genvmunix 


Go to Section 15.5.1 kernel to reboot the system and run the doconfig utility to 

for Classical IP, go to build a kernel with the required driver. 

Section 15.5.2 for LAN If the driver state is not UP, run the atmsetup utility for the 

Emulation, or go to ATM service you want. See Section 4.3.2.4, Section 4.3.3.3, and 

Section 15.5.3 for IP Section 4.3.4.2 for information on configuring the driver for 

switching. Classical |P (CLIP), LAN emulation (LANE), and IP switching, 
respectively. 
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15.5.1 Solving CLIP Problems 


Signaling 
configured? 
(SVCs only) 


lis interfaces 
created? 


lis interfaces 
configured? 


Verify that signaling is configured. Enter the following 
command: 


# atmsig status driver=driver name 


If the UNI version number is not displayed or the ILMI state 
iS Unknown, run the atmsetup utility and configure signaling. 
See Section 4.3.2.4 for information. 


Verify that the CLIP lis interfaces are created. Enter the 
following command: 


# atmarp -h 


If a lis interface is created, the status of all created LISs 
and data indicating whether the host is an ARP client or ARP 
server is displayed. 

If no LISs are created, run the atmsetup utility and configure 
CLIP. See Section 4.3.2.4 for more information. 


Verify that a lis interface is configured. Enter the following 
command: 


# ifconfig lisx 
If a lis interface is configured, information similar to the 
following is displayed: 


lisO: flags=c23<UP,BROADCAST,NOTRAILERS , MULTICAST, SIMPLEX> 
inet 10.140.120.52 netmask ffffFf0O broadcast 10.140.120.255 
ipmtu 1500 


If a Lis interface is not configured, run the netconfig utility 
to configure one or use the Interfaces application from the 
SysMan Menu. See Section 4.3.2.5 for more information. 
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\ If a remote host is not known, the following message is 


unknown host 


Lesh Complete the following steps: 
1. Verify that the user is using a valid host name to reach 


the remote host. 


2. Verify that the remote host is in another name domain and 
that the user specified the full domain name. 


3. If your site uses DNS for name-to-address translation, look 
in the /etc/svc.conf file to see if bind is specified as a 
service for the hosts database entry. If it is not, edit the 
file and add it. 


Also, verify that DNS has information about the remote 
host. See Section 15.8. 


4. \f your site uses NIS name service for name-to-address 
translation, look in the /etc/svc.conf file to see if nis is 
specified as a service for the hosts database entry. If it is 
not, edit the file and add it. 


Also, verify that the NIS service has information about the 
remote host. See Section 15.10. 


5. If your /etc/svc.conf file lists local as the only 
name-to-address translation mechanism, the /etc/hosts 
file does not have information on the remote host. See 
System Administration for more information. 


If a remote host is not reachable, the following message is 


host is unreachable 


Complete the following steps: 


1. Verify that the cabling between the local host and the 
switch is properly installed and undamaged. 


2. Verify that thereis network connectivity to the!P controller 
on the switch by using the ping command. If the command 
fails, it might be because the ifconfig command 
parameters are wrong, or the IP controller is down or has 
an interface problem. Contact the switch administrator. 


3. Verify that there is network connectivity to the target 
remote host by using the ping command. If the command 
fails, use the traceroute command to verify the route to 
the remote host. 
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If the connection terminates abnormally, complete the following 
Connection . steps: 
stays up? 


1. Test the network to determine whether the problem is on 
the local host, remote host, or a host on the path between 
the two. See Section 15.3. 


2. Once you have identified the host with the problem, do 
the following: 


a. Confirm that the network device is properly 
configured. Verify that the broadcast address and 
address mask for the local host are correct. See 


Problem still exists? Section 2.3 for information on configuring network 
Report it to your service devices. 

representative. See b. Make sure the local host’s hosts database has the 
Chapter 18. correct |P addresses. 


c. Make sure the cabling from the local host to the 
network is intact and properly connected. 


d. If connected over a LAN, verify that the ARP entries 
are correct and that the system is properly connected 
to the LAN. 
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15.5.2 Solving LANE Problems 


Verify that signaling is configured. Enter the following 
Signaling . command: 
configured? 


# atmsig status driver=driver name 


If no User-Network Interface (UNI) version number is 
displayed or the | ntegrated Layer Management I nterface 
(ILMI) state is Unknown, run the atmsetup utility and 
configure signaling. See Section 4.3.3.3 for information. 


Verify that an elan interface is created. Enter the following 


elan interfaces , command: 
created? 
# atmelan show 


If an elan interface is created, information similar to the 
following is displayed: 


control state: S OPERATIONAL 


If the control state is not S_ OPERATIONAL, do the following: 


1. Increase the message logging level for the lane subsystem. 
See Section 4.4.6 for more information. 


2. Verify that the UNI version on the switch matches the UNI 
version on your system. 


3. Verify that the LAN Emulation Server (LES) on the switch 
is configured correctly. 


Verify that an elan interface is configured. Enter the following 


elan interfaces . command: 
configured? 
# ifconfig elanx 


If an elan interface is configured, information similar to the 
following is displayed: 


elanoO: flags=c23<UP, BROADCAST, NOTRAILERS , MULTICAST, SIMPLEX> 
inet 10.140.120.52 netmask ffffff0O0 broadcast 10.140.120.255 
ipmtu 1500 


If an elan interface is not configured, run the netconfig 
utility to configure one or use the Interfaces application from 
the SysMan Menu. See Section 4.3.3.4 for more information. 
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\ If a remote host is not known, the following message is 


unknown host 


Lesh Complete the following steps: 
1. Verify that the user is using a valid host name to reach 


the remote host. 


2. Verify that the remote host is in another name domain and 
that the user specified the full domain name. 


3. If your site uses DNS for name-to-address translation, look 
in the /etc/svc.conf file to see if bind is specified as a 
service for the hosts database entry. If it is not, edit the 
file and add it. 


Also, verify that DNS has information about the remote 
host. See Section 15.8. 


4. \f your site uses NIS name service for name-to-address 
translation, look in the /etc/svc.conf file to see if nis is 
specified as a service for the hosts database entry. If it is 
not, edit the file and add it. 


Also, verify that the NIS service has information about the 
remote host. See Section 15.10. 


5. If your /etc/svc.conf file lists local as the only 
name-to-address translation mechanism, the /etc/hosts 
file does not have information on the remote host. See 
System Administration for more information. 


If a remote host is not reachable, the following message is 


host is unreachable 


Complete the following steps: 


1. Verify that the cabling between the local host and the 
switch is properly installed and undamaged. 


2. Verify that the addresses on the link are correct by using 
the ifconfig elanx command. 


3. Verify that there is network connectivity to the target 
remote host by using the ping command. If the command 
fails, use the traceroute command to verify the route to 
the remote host. 
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If the connection terminates abnormally, complete the following 
Connection . steps: 
stays up? 


1. Test the network to determine whether the problem is on 
the local host, remote host, or a host on the path between 
the two. See Section 15.3. 


2. Once you have identified the host with the problem, do 
the following: 


a. Confirm that the network device is properly 
configured. Verify that the broadcast address and 
address mask for the local host are correct. See 


Problem still exists? Section 2.3 for information on configuring network 
Report it to your service devices. 

representative. See b. Make sure the local host’s hosts database has the 
Chapter 18. correct |P addresses. 


c. Make sure the cabling from the local host to the 
network is intact and properly connected. 


d. If connected over a LAN, verify that the ARP entries 
are correct and that the system is properly connected 
to the LAN. 
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15.5.3 Solving IP Switching Problems 


\ Verify that an IP switching ips interface is created. Enter the 
ips interfaces . following command: 
created? 


# atmifmp showips 


If an ips interface is created, information similar to the 
following is displayed for each created ips interface: 


ipso: 
Attached to driver lta0o 
Default (SNAP) VC = 32 
IP Traffic VC = 1850 (Unused - peer does 
not support Flow Type 0) 


Min Tx VC = 1 
Max Tx VC = 2048 
Min Rx VC = 1 
Max Rx VC = 2048 


Driver Min Tx VC 
Driver Max Tx VC 2048 

Driver Min Rx VC 1 

Driver Max Rx VC = 2048 

Peer does not support Flow Type 0 


1 


This example shows that the ipso interface was created and is 
attached to driver 1ltao. 

If no ips interfaces are found, create one or more ips 
interfaces. See Section 4.3.4 for more information. 


\ Verify that an ips interface is configured. Enter the following 
, command: 


ips interfaces 
configured? 


# ifconfig ipsx 


If an ips interface is configured, information similar to the 
following is displayed: 


ips0O: flags=4d1<UP, POINTOPOINT, RUNNING, NOARP, MULTICAST> 
inet 16.142.128.129 --> 16.142.128.130 netmask fffffffc ipmtu 1500 


The example shows that the interface is up and running and 
that addresses are configured for each end of the point-to-point 
link. 

If an ips interface is not configured, run the netconfig utility 
to configure one or use the Interfaces application from the 
SysMan Menu. See Section 4.3.4.3 for more information. 
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\ If a remote host is not known, the following message is 


unknown host 


Lesh Complete the following steps: 
1. Verify that the user is using a valid host name to reach 


the remote host. 


2. Verify that the remote host is in another name domain and 
that the user specified the full domain name. 


3. If your site uses the DNS for name-to-address translation, 
look in the /etc/svc.conf file to see if bind is specified 
as a service for the hosts database entry. If it is not, edit 
the file and add it. 


Also, verify that DNS has information about the remote 
host. See Section 15.8. 


4. \f your site uses NIS name service for name-to-address 
translation, look in the /etc/svc.conf file to see if nis is 
specified as a service for the hosts database entry. If it is 
not, edit the file and add it. 


Also, verify that the NIS service has information about the 
remote host. See Section 15.10. 


5. If your /etc/svc.conf file lists local as the only 
name-to-address translation mechanism, the /etc/hosts 
file does not have information on the remote host. See 
System Administration for more information. 


If a remote host is not reachable, the following message is 


Host reachable? . displayed: 


host is unreachable 


Complete the following steps: 


1. Verify that the addresses on the point-to-point link to the 
switch are correct by usingthe ifconfig ipsx command. 


2. Verify the connection to the IP controller on the switch by 
using the ping command. If the command fails, the local 
host’s ifconfig command parameters might be incorrect. 
On the switch, the problem might be that the IP controller 
is down or has an interface problem. Contact the switch 
administrator. 


3. Verify that there is an ips route to the remote host’s 
subnet by using thenetstat -xr command. 
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ping command 
completes 
successfully? 


\ If the ping command fails, complete the following steps: 


1. Verify that the cabling between the local host and the 
switch is properly installed and undamaged. 


2. Verify that the default Subnetwork Attachment Point 
(SNAP) virtual circuit (VC) specified on the local host 
matches the default SNAP VC on the switch. 


3. Contact the remote system administrator and verify 
that the remote system is up and running and that it is 
configured correctly for |P switching. 


4. Verify the route to the remote host by using the 
traceroute command. If the first hop in the output shows 
the default network interface and not the IP controller, 
add a static route to the remote subnet through the IP 
controller to your routing table. Usethenetstat -r 
command to verify the change. 


If the route reaches the IP controller but goes no further, 
contact the remote system's administrator to verify that 
the system is configured correctly and that the routing 
tables are correct. 


If the connection terminates abnormally, complete the following 
Connection , steps: 
stays up? 


1. Test the network to determine whether the problem is on 
the local host, remote host, or a host on the path between 
the two. See Section 15.3. 


2. Once you have identified the host with the problem, do 
the following: 


a. Confirm that the network device is properly configured. 
Verify that the broadcast address and address mask 
for the local host are correct. See Section 2.3 for 
information on configuring network devices. 


Problem still exists? 


Report it to your service b. Makesure the hosts database on the local host has 
representative. See the correct |P addresses. 
Chapter 18. 


c. Make sure the cabling from the local host to the 
network is intact and properly connected. 
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15.6 Solving DHCP Problems 


\ Verify that the Additional Networking Services subset is installed. 


Additional 
Networking Services 
subset installed? 


Enter the following command: 
# setld -i | grep OSFINET 
If the subset is installed, the following message is displayed: 


OSFINETnnn installed Additional Networking Services 
(Network-Server/Communications) 


If the subset is not installed, install it by using the set 1d command. See 
Systen Administration for more information on installing the subset. 


Complete the following steps to verify that Dynamic Host Configuration 
\ Protocol (DHCP) has been configured on both server and client: 


DHCP configured? 
1. Usethe rcmgr utility to display the value of the JOIND entry in 
the /etc/rc.config.common file on the DHCP server: 
Lesh # remgr get JOIND 


If nothing is returned, run the SysMan Menu utility to configure 
your DHCP server. See Section 5.4 for more information. 


2. Usethercmgr utility to display the value of the IFCONFIG_n entry 
in the /etc/rc.config file on the DHCP client. For example: 


# remgr get IFCONFIG 0 
A value similar to the following is displayed: 


DYNAMIC netmask n.n.n.n 


If asimilar valueis not returned, run the SysMan Menu utility to 
configure your DHCP dient. See Section 2.3 for more information. 


command. 


DHCP server 
reachable? 


\ Verify that the DHCP server is running and reachable, using the ping 
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Verify that the DHCP daemon (joind) is running on the server. Enter 
\ the following command: 


DHCP daemon 
started? 


# ps -e | grep joind 


Alternatively, you can use the SysMan Menu utility to view the status 
of the DHCP daemon. You can skip directly to the status dialog box by 
entering the following command: 


# /usr/sbin/sysman dmnstatus 


If the DHCP daemon is not running, start it by entering the following 
command: 


# /usr/sbin/joind 
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If aDHCP client has problems obtaining DHCP information from the 


Clients obtain \ server, do the following: 
addresses \ 


successfully? 


1. Verify the Media Access Control (MAC) address you entered for the 
dient. Users of Microsoft clients specifically must see Section 5.3.5, 
which explains how these clients modify their MAC addresses 
before sending them to the DHCP server. 


2. Run the joind daemon with the debugging flag by doing the 
following: 


a. Stop the joind daemon with the kill —HUP command. 


var ——<— Gatti» 
Problem still exists? Report it to Never use the kill —9 command to stop the 
your service representative. See DHCP server daemon; it can corrupt your 


Chapter 18. database files. 


b. Restart the joind daemon with the debug flag as follows: 


# /usr/sbin/joind —d4 


If you are running joind from the /etc/inetd.conf file, 
do the following: 


i. Edit the /etc/inetd.conf file and add the -d4 flag. 
ii. Stop the joind daemon with the kill -—HUP command. 


iii. Stop the inetd daemon with the inetd -h command. 
This forces the inetd daemon to reread the 
/etc/inetd.conf file. 


Alternatively, you can run the SysMan Menu utility to 
configure your DHCP server with the debug option. See 
Section 5.4 for more information. 


3. Review the /var/join/log file for information about the cause 
of any DHCP client problems. 


The following example shows a /var/join/1log file message that 
indicates a DHCP discover message arrived at the server system, but 
the IP subnetwork address range is not defined: 


DHCPDISCOVER from HW address 08:00:2b:96:79:b6 
network not administered by server 

This problem can also occur if an address range is defined, but the 

/etc/join/netmasks file is missing the subnetwork mask definition 

for this IP network. In this case, edit the netmasks file, add an entry 

for the subnetwork, and restart the DHCP server, /usr/sbin/joind. 
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15.7 Solving DNS/BIND Server Problems 


\ Verify that the Additional Networking Services subset is installed. 


Additional 
Networking Services 
subset installed? 


Enter the following command: 
# setld -i | grep OSFINET 
If the subset is installed, the following message is displayed: 


OSFINETnnn installed Additional Networking Services 
(Network-Server/Communications) 


If the subset is not installed, install it by using the set1d command. 
See Systen Administration for more information on installing the 
subset. 


Use the remgr utility to display the value of the BIND _SERVERTYPE 
entry in the /etc/rce.config.common file: 


# remgr get BIND SERVERTYPE 


If no type is specified, run the SysMan Menu utility to configure your 
DNS server. See Section 8.5 for more information. 


Verify that the BIND daemon (named) is running. Enter the following 
command: 
# ps -e | grep named 


If no named process is running, start the named daemon, using the 
following command: 


# /sbin/init.d/named start 
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Authentication \ 
successful? 


nslookup command \ 
returns valid 


information? 


sO 


Problem still exists? Report it to 
your service representative. See 
Chapter 18. 


If you have enabled authentication, and secure dynamic updates 

or secure zone transfers are not successful, look for errors in the 
daemon. log file generated by the syslogd daemon. For secure 
dynamic updates, examine the log on the master server. For secure 
zone transfers, examine the log on the master server and the slave 
server. See Section 16.10 for more information about viewing syslogd 
message files. 

If you see a syntax error near ’item’ message, look for syntax 
errors in your named. conf file and key file (possibly named. keys). 
Verify that there are no missing braces, quotes, or semicolons. If 
necessary, compare the contents of these files with those in Section 8.6.3. 


If you see an unknown key ’key-name’ message or an Invalid 
TSIG secret "key-string" message, do the following: 


1. Verify that you are using the correct key for the update or transfer. 
Verify the spelling of the key name. 


3. Verify the integrity of the key string. There must be no line feeds 
or spaces between the quotes that contain the key. 


4. Verify that the algorithm specified for the key is hmac-md5 and 
that the key was generated correctly. If necessary, generate a new 
key. See Section 8.6 for more information. 


If the nslookup command does not return information for any host or 
the host specified in the dient nslookup command, use the value of 
the BIND _SERVERTYPE entry you collected in a previous step to select 
a course of action from the table: 


If the type is: Go to: 


CLIENT Stop. This system is not a DNS/BIND server and 
cannot provide name resolution to cients. 

MASTER Section 17.4 

SLAVE Section 17.4 

FORWARDER Section 17.5 

CACHING Section 17.9 
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15.8 Solving DNS/BIND Client Problems 


Verify that the Additional Networking subset is installed. Enter the 
Additional \ 
Networking Services 


subset installed? # setld -i | grep OSFINET 


following command: 


If the subset is installed, the following message is displayed: 


OSFINETnnn installed Additional Networking Services 
(Network-Server/Communications) 


If the subset is not installed, install it by using the set 1d command. See 
Systen Administration for more information on installing the subset. 


Use the remgr utility to display the value of the BIND _SERVERTYPE 
DNS configured? \ entry in the /etc/rce.config.common file: 
# remgr get BIND SERVERTYPE 


If no type is specified, run the SysMan Menu utility to configure your 
DNS client. See Section 8.5 for more information. 


If you attempt to use one of the network commands (for example, 
Host known? \ telnet, rlogin, and rsh commands) and the remote host is not 
: \. known, the following message is displayed: 


unknown host 
Complete the following steps: 
1. Look in the /etc/svc.conf file to determine if DNS is being used 


for the hosts database lookup. If it is, go to step 2. If it is not, add 
it to the file by using the /usr/sbin/svcsetup Script. 


2. Retrieveinformation about the remote host with which you tried 
to communicate by using the nslookup command. Enter the 
following command: 

Problem still exists? Report it to 
your service representative. See # nslookup hostname 
Chapter 18. If the command succeeds, the dient is set up correctly; try the 


network command again. If the command fails, go to step 3. 


3. View the /etc/resolv.conf file and retrieve the addresses for 
the nameserver entries. 


4. Verify that theservers are reachable by using the ping command. 
If noservers are reachable, contact your network administrator. If 
any nameserver fails to respond to the ping command, delete the 
name server entry from the resolv. conf file. 


5. Try the nslookup command again. If the command fails, see the 
solutions for solving DNS/BIND server problems in Section 15.7. 
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15.9 Solving NIS Server Problems 


Additional 
Networking Services 
subset installed? 


Verify that the Additional Networking Services subset is installed. 
\ Enter the following command: 


# setld -i | grep OSFINET 
If the subset is installed, the following message is displayed: 
OSFINETnnn installed Additional 


Networking Services 
(Network-Server/Communications) 


If the subset is not installed, install it by using the set 1d command. See 
System Administration for more information on installing the subset. 


Usethe remgr utility to display the value of theNIS_CONF entry in the 
\ /etc/re.config.common file: 


NIS configured? 
# remgr get NIS CONF 


If nothing is returned, run the SysMan Menu utility to configure your 
NIS server. See Section 9.3 for more information. 


Verify that the portmap daemon is running. Enter the following 
\ command: 


portmap daemon 
started? 


# ps -e | grep portmap 


If you do not find the portmap daemon, stop and restart NIS, using 
the following commands: 


# /sbin/init.d/nis stop 
# /sbin/init.d/nis start 


If the portmap daemon does not start, reboot the server. 
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NIS daemons 
started? 


Verify that a ypserv process is running. Enter the following command: 


# ps -e | grep yp 


If no ypserv process is running, stop and start NIS, using the following 
commands: 


# /sbin/init.d/nis stop 
# /sbin/init.d/nis start 


If a ypserv process is running, execute a ypwhich command. Enter 
the following command: 


# ypwhich 


If nothing is returned, find the process ID (PID) of the portmap process 
and kill it. Enter the following commands: 


# ps -e | grep portmap 
# kill -9 portmap PID 


Note 
Because other network services use the portmap daemon, 
stopping it can affect network service. Therefore, notify 
your users of potential disruptions. 


Stop and start NIS by using the following commands: 


# /sbin/init.d/nis stop 
# /sbin/init.d/nis start 
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\ Verify that the information in the map is correct. Enter the following 


NIS maps correct? command: 


(master server) 


# ypcat map name 
The map_name variable is the name of the NIS map. If the information 
is incorrect, create a new map. Enter the following commands: 

# cd /var/yp 


# make map name 


The following message is displayed: 


map_name updated 

If the make command indicates that the database is not updated, 

complete the following steps: 

1. Remove the database _name.time filein the /var/yp and 
/var/yp/domainname directories. 

2. Create a new map by using the make command. Enter the 
following commands: 


# cd /var/yp 
# make map name 
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If you suspect that a slave server is not getting NIS map updates, 
\ complete the following steps on the slave server: 


NIS maps received? 


(slave server) 


1. Verify that the NIS master server is running and reachable, using 


the ping command. See Section 16.2 for more information on 
tech using the ping command. 
2. Create a ypxfr log file. Enter the following commands: 


# cd /var/yp 
# touch ypxfr.log 


3. Run ypxfr interactively to get map updates. Enter the following 


command: 
Problem still exists? Report it to # ypxfr mapname 
eer Pepre tative oes 4. Examine the ypxfr.1log file and resolve any problems. Remove 


the log file to turn logging off. 


5. Verify the ypxfr entries in the 
/var/spool/cron/crontabs/root file. Use either the pg 
command or the /usr/bin/crontab —1 command. The slave 
server entries are similar to the following: 


# Network Information Service: SLAVE server entries 
30 * * * * gh /var/yp/ypxfr_lperhour 

31 1,13 * * * sh /var/yp/ypxfr_2perday 

32 1 * * * sh /var/yp/ypxfr_2perday 


6. Verify that the map has an entry in the corresponding ypxfr shell 
script. 


7. Lookin the syslogd daemon message files for any NIS messages. 
See Section 16.10 for more information. 


8. Verify that the slave server is in the ypservers map for the 
domain. 
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15.10 Solving NIS Client Problems 


Use the remgr utility to display the value of the NIS_CONF entry in the 
NIS configured? \ /etc/re.config.common file: 


# remgr get NIS CONF 


If nothing is returned, run the SysMan Menu utility to configure your 
NIS dient. See Section 9.3 for more information. 


For the passwd and group databases, the Security Integration 


NIS entries in 
svc.conf file? 
Architecture (SIA) controls whether or not NIS is used. However, in 


order to use NIS, a plus sign followed by a colon (+) must be on the 
tech last linein both databases. 


Use the /usr/sbin/svcsetup script to verify that the svc. conf file 
\ contains entries for NIS. NIS entries are indicated by the letters “yp.” 


portmap daemon 
started? 
# ps -e | grep portmap 


If no portmap daemon is running, stop and restart NIS, using the 
following commands: 


# /sbin/init.d/nis stop 
# /sbin/init.d/nis start 


Verify that the portmap daemon is running. Enter the following 
\ command: 


If the portmap daemon does not start, reboot the client. 
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NIS daemons 
started? 


ypwhich command 
returns valid 


information? 


Verify that a ypbind process is running. Enter the following command: 


# ps -e | grep yp 


If no ypbind process is running, stop and start NIS, using the following 
commands: 


# /sbin/init.d/nis stop 
# /sbin/init.d/nis start 


If a ypbind process is running, enter the ypwhich command: 


# ypwhich 


If the ypwhich command does not return an answer, kill the portmap 
process. Enter the following command: 


# kill -9 portmap PID 
Stop and start NIS, using the following commands: 


# /sbin/init.d/nis stop 
# /sbin/init.d/nis start 


If the ypwhich command displays inconsistent information when 
invoked several times in succession, your client system is changing the 
server system to which it is bound. This can occur over time, especially 
if your system is on a busy network or if the NIS servers are busy. 
Once all clients get acceptable response time from the NIS servers, 
the system will stabilize. 

If the ypwhich command reports that the domain is not bound, 

your system did not initially bind to a server system. Issue a ypcat 
command, then reissue the ypwhich command. 
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If an NIS command hangs, the following message is displayed on the 
\ console: 


NIS commands 
complete 


\ 
2 : : , 
Suc caSS milly yp: server not responding for domain domainname. 


Still trying 


Lesh The dient cannot communicate with the server. Complete the following 
steps: 


1. Use the rcmgr command to verify that the domain name 
returned by the domainname command matches the value of the 
NIS_DOMAIN entry in the server's /etc/rce.config.common file: 


# remgr get NIS CONF 


If the domain name does not match, or is not correct for your 
environment (note that the domain name is case-sensitive), 
reconfigure the client system by using the SysMan Menu utility. 
See Section 9.3 for more information. 


Problem still exists? Report it to 
your service representative. See 
Chapter 18. 


2. Verify that at least one NIS server for your domain is running on 
your local subnetwork. If there is not, reconfigure the dient by 
using the SysMan Menu utility, and choose to use the —s option to 
the ypbind command. 


3. Determine if other cients on the subnetwork are having problems 
with any of the NIS commands. 


4. Verify that ypserv daemon was started on the server by entering 
the following command: 
# rpcinfo -p server name 
Also, verify that the ypserv daemon is currently running on the 
server by entering the following command: 
# rpcinfo -t server name ypserv 2 
If the server fails either test, stop and restart NIS on the server 
as follows: 
# /sbin/init.d/nis stop 
# /sbin/init.d/nis start 


5. Look in the syslogd daemon message files for any NIS messages. 
See Section 16.10 for more information. 


6. Verify that theserver is running. See the solutions for solving NIS 
server problems in Section 15.9. 


If the previous steps do not solve the problem, complete the following 
steps: 


1. Stop and start NIS. Enter the following commands: 


# /sbin/init.d/nis stop 

# /sbin/init.d/nis start 

If this does not solve the problem, go to step 2. 

Reboot the system. 

Reconfigure NIS by running the SysMan Menu utility. 
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15.11 Solving NFS Server Problems 


NFS subset 
installed? 


NFS configured? 


portmap daemon 
started? 


NFS daemons 
registered? 


Verify that the NFS subset is installed. Enter the following command: 


# setld -i | grep OSFNFS 
If the subset is installed, the following message is displayed: 


OSFNFSnnn installed NFS(tm) Utilities 
(Network-Server/Communications) 


If the NFS subset is not installed, install it by using the setld 
command. See Systen Administration for more information on 
installing the subset. 


Use the remgr utility to display the value of the NFSSERVING entry in 
the /etc/rce.config.common file: 


# remgr get NFSSERVING 


If nothing is returned, run the SysMan Menu utility to configure your 
NFS server. See Section 10.3 for more information. 


Verify that the network software has been configured. See the solution 
at Network configured? in Section 15.3. 


Verify that the portmap daemon is running. Enter the following 
command: 


# ps -e | grep portmap 


If the portmap daemon is not running, stop and restart NFS by using 
the following commands: 


# /sbin/init.d/nfs stop 
# /sbin/init.d/nfs start 


If the portmap daemon does not start, reboot the server. 


Verify that the NFS daemons are registered with the portmap daemon. 
Enter the following commands: 


# rpcinfo —u server name mount 
# rpcinfo —u server name nfs 


If neither is registered, start NFS by using the following command: 


# /sbin/init.d/nfs start 
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\ To verify that the NFS daemons are running, complete the following 
steps: 


NFS daemons 
started? 


1. Verify that a mountd process is running. Enter the following 
command: 


# ps -e | grep mountd 
If a mountd process is running, go to step 2. If nomountd process 
is running, stop and start NFS by using the following commands: 
# /sbin/init.d/nfs stop 
# /sbin/init.d/nfs start 

2. Verify that an nfsd process is running. Enter the following 
command: 
# ps -e | grep nfsd 
If nonfsd process is running, stop and start NFS by using the 
following commands: 


# /sbin/init.d/nfs stop 
# /sbin/init.d/nfs start 


Alternatively, you can use the SysMan Menu utility to view the status 
of some NFS daemons. You can skip directly to the status dialog box by 
entering the following command: 


# /usr/sbin/sysman nfs daemon status 
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Files exported \ 
successfully? 


Problem still exists? Report it to 
your service representative. See 
Chapter 18. 


To verify that the files are being exported, complete the following steps: 


1, 


Verify that file is being exported. Enter the following command: 


# showmount —e 
If the file is being exported, go to step 3. 


If the file is not being exported, verify that the file has an entry in 
the /etc/exports file. If thereis no entry in the /etc/exports 
file, edit the file and create an entry. Have the remote system 
mount the file. 


If the file is being exported and the users cannot mount the file, 
use the rcmgr utility to display the value of the NONROOTMOUNTS 
entry in the /etc/rc.config file and determine if the users are 
allowed to mount the file: 


# remgr get NONROOTMOUNTS 


If the NONROOTMOUNTS parameter is 0, only users running as root 
can mount files from this server. To allow users not running as root 
to mount the files, enter the following command: 


# remgr set NONROOTMOUNTS 1 


Verify that the mountd daemon is running with Internet address 
checking on. Enter the following command: 


# ps -e | grep mountd 


If the -i option is displayed, the client’s name and address must 
bein the /etc/hosts file, or in the DNS or NIS hosts database. 
Only known hosts can mount the file system. If the -d or —s option 
is displayed, the client system must be in the same DNS domain 
or subdomain, respectively, as the server. 


If the mountd daemon is returning stale file handles for exported 
files, send a hangup signal (SIGHUP) to the mountd daemon to 
force it to reread the /etc/exports file. Enter the following 
commands: 


# ps -e | grep mountd 
# kill -1 mountd_pid 
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15.12 Solving NFS Client Problems 


NFS subset 
installed? 


NFS configured? 


portmap daemon 
started? 


Verify that the NFS subset is installed. Enter the following command: 


# setld -i | grep OSFNFS 
If the subset is installed, the following message is displayed: 


OSFNFSnnn installed NFS(tm) Utilities 
(Network-Server/Communications) 


If the NFS subset is not installed, install it by using the setld 
command. See Systen Administration for more information on 
installing the subset. 


Use the remgr utility to display the value of the NFS_CONFIGURED 
entry in the /etc/rce.config.common file: 
# remgr get NFS CONFIGURED 


If nothing is returned, run the SysMan Menu utility to configure your 
NFS dient. See Section 10.3 for more information. 


Verify that the network software has been configured. See the solution 
for Network configured? in Section 15.3. 


Verify that the portmap daemon is running. Enter the following 
command: 

# ps -e | grep portmap 

If the portmap daemon is not running, stop and restart NFS by using 
the following commands: 

# /sbin/init.d/nfs stop 

# /sbin/init.d/nfs start 

If the portmap daemon does not start, reboot the client. 
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If the client cannot mount a remote file system or directory, complete 


Remote files mounted ._ the following steps: 
successfully? 


1. If an error message is displayed on the user’s terminal, see 
Appendix D for the error message and a description. 


2. Verify that the remote NFS server is on your local network and 
in your hosts database. 


3. Verify that the server daemons on the remote system are running. 
Enter the following command: 
# rpcinfo -—p server name 

4. Verify that the server is exporting the files you want to mount. 
Enter the following command: 
# showmount -—e server name 


5. Seethesolutions for solving NFS server problems in Section 15.11. 
If the server is running and you still have problems, verify the 
Ethernet connections and the Internet connections between the 
client system and the remote server. 


6. Determine if other cients on the network are having problems 
with the remote server. 


7. Verify that the mount command line or the entry in the 
/etc/fstab file is correct, and verify the following: 
a. Thehost name matches the name of the remote NFS server. 


b. The mount point exists on your system. 
8. If you get an authentication error, verify the following: 


If you are not a superuser, the server allows nonroot mounts. 
b. Your host name is in the server’s hosts database. 


c. If your system is not in the same domain as the server, the 
server performs domain checking. See mount d(8) for more 
information on server options. 


Solving Network and Network Services Problems 15-51 


File-related tasks 
complete 


If application programs that perform file-related tasks do not complete 
\ their tasks or take a long time to do so, complete the following steps: 


2? i i 7 . 
sucessstully’ 1. If an error message is displayed on the user’s terminal, see 


Appendix D for the error message and a description. 


2. Verify that the server is running. See the solutions for solving 
NFS server problems in Section 15.11. If the server is running, 
verify that the nf£sd daemon is accumulating CPU time. If it is 
not, kill it and restart it. If this does not solve the problem, reboot 
the server. If the remote file systems or directories are mounted 
with the hard option, the program continues when the server is 
running once again. 


3. Determine if other cients on the network are having problems 
with the remote server. If they are not, verify that the Ethernet 
connections and the internet connections between the dient system 
and the remote server are working properly. 


Problem still exists? Report it to 
your service representative. See 
Chapter 18. 
4. Determine if any nfsiod daemons are running. Enter the 
following command: 


# ps -e | grep nfsiod 

If nonfsiod daemons arerunning, start some. Enter the following 
command: 

# /usr/sbin/nfsiod 7 


Although the nfsiod daemons are not necessary for a cient, they 
perform read-ahead and write-behind functions, which might make 
1/O faster. 


5. If file access requests succeed but file locking requests hang 
indefinitely, verify that the local rpc. statd and rpc.lockd 
daemons are running. Enter the following commands: 


# ps -e | grep rpc.statd 

# ps -e | grep rpc.lockd 

If they arenot running, start them. Enter the following commands: 
# /usr/sbin/rpc.statd 

# /usr/sbin/rpc.lockd 


Also, verify that the local rpc. statd and rpc. 1lockd daemons are 
running on the server. Enter the following commands: 


# xrpcinfo -—p server name | grep status 
# rpcinfo -p server name | grep lockmgr 


If they are not running, contact the server's system administrator. 
Alternatively, you can use the SysMan Menu utility to view the status 
of some NFS daemons. You can skip directly to the status dialog box by 
entering the following command: 


# /usr/sbin/sysman nfs daemon status 
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15.13 Solving UUCP Problems 
\ Verify that the uucp subset is installed. Enter the following command: 
uucp subset \ 
installed? ' # setld -i | grep OSFUUCP 
If the subset is installed, the following message is displayed: 
OSFUUCPnnn installed UNIX(tm) -to-UNIX (tm) Copy 
Facility (General Applications) 
If the uucp subset is not installed, install it by using the set1d 


command. See Systen Administration for more information on 
installing the subset. 


Basic Networking 
Services subset 


inslallee? # setld -i | grep OSFCLINET 


Verify that the Basic Networking Services subset (containing the tip 
\ and cu utilities) is installed. Enter the following command: 


If the subset is installed, the following message is displayed: 


OSFCLINETnnn installed Basic Networking Services 
(Network-Server/Communications) 


If the Basic Networking Services subset is not installed, install it 
by using the set1d command. See Systen Administration for more 
information on installing the subset. 


Look for entries in the Permissions, Devices, and Systems files 
\ in the /usr/1ib/uucp directory. If there areno entries, run the 


uucp utilities 
configured? uucpsetup script. See Section 11.3 for more information. 
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Network hardware \ 
configured? ) 


Dial-up to remote 


system successful? 1. 


Configure the network hardware as follows: 


Direct connections to remote host — Use a null modem or modem 
eliminator cable to connect your system to the remote host. 


Phone line connection to remote host — Use a cable to connect your 
system to a modem and another cable to connect your modem to a 
phoneline. The modem you use must be compatible with the modem 
at the remote host. Make sure the modem is configured as follows: 


- Forced data set ready (DSR) is disabled. 

- Full or verbose status messages are enabled. 
- Character echo is disabled. 

- Use 8-bit characters with no parity. 

- XON/XOFF flow control is disabled. 


TCP/IP connection to remote host — Use a cable to connect your 
system to the network. Then, run the Network Configuration 
application to configure the network. See Section 2.3 for more 
information on setting up the network. 


\ If you cannot dial up the remote system, verify the following: 


Make sure that the setup parameters (such as speed, parity, modem 
control, flow control, and other terminal characteristics) on the 
local and remote ends are properly defined for your modem type. 


Dial the number to the remote node. If you do not get an “Attached” 
message or a login prompt, plug a telephone handset into the local 
telephone line to verify that there is a dial tone. If you do not hear 
a dial tone, call you local carrier to fix this problem. If you get no 
message, verify that the cabling between the local system and the 
modem is properly installed and undamaged. 


If you get a dial tone, check that your modem is operational and 
perform diagnostic tests on your modem. See the modem manual 
for more information. 


From another handset, dial the local telephone line. If the local 
telephone rings and you can carry on a conversation, the telephone 
line on the local end is good. If you cannot pass voice traffic, or if 
thereis noring, call your local carrier to fix this problem. 


Repeat steps 2 and 3 on the remote node to resolve problems with 
the remote end. 


If the telephone line is operational, verify that the remote modem 
is set up to automatically answer incoming calls when the system 
raises the data terminal ready (DTR) signal. The system raises the 
DTR signal by issuing a uugetty or getty command on the port. 
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uucp commands \ 
complete \ 


successfully? 


tip commands 
complete 


successfully? 


sO 


Problem still exists? Report it to 
your service representative. See 
Chapter 18. 


Run the uucp tests to test the connection to the remote system. See 
Section 16.7 and Section 16.8. 


If you can establish a connection, but your file transfer eventually times 
out and exits, attempt to set the type of flow control that the uucico 
daemon uses, as described in Section 11.3.5 and the uucico(8) 
reference page. 


If the tip command does not execute successfully, complete the 
following steps: 


1. Verify that the system name, connection speed, and phone 
number are in the /etc/remote file or that the system name 
and connection speed are in the /etc/remote file and the 
phone number is in the /etc/phones file. See remot e(4) and 
phones(4) for more information. 


2. Examinethe at entry in the /etc/remote file. If the entry is 
correct, create an entry for the modem in the /etc/acucap file. 
See acucap(A4) for more information. 


3. Verify that the remote system is configured to answer incoming 
calls. 
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15.14 Solving NTP Problems 


Use the remgr utility to display the value of the XNTPD_CONF entry in 
NTP configured? \ the /etc/rce.config file: 


# remgr get XNTPD CONF 


If nothing is returned, run the SysMan Menu utility to configure NTP. 
See Section 12.3 for more information. 


# ps -e | grep xntpd 


NTP daemon 
started? 
Alternatively, you can use the SysMan Menu utility to view the status 
of the xntpd daemon. You can skip directly to the status dialog box by 
entering the following command: 


# /usr/sbin/sysman ntp_ status 


, Verify that an xntpd process is running. Enter the following command: 


If noxntpd process is running, start NTP by using the following 
command: 


# /sbin/init.d/xntpd start 


Server found? 


The hostname is not inthe /etc/hosts file, the DNS hosts database, 
tech or the NIS hosts database. Edit the appropriate file or database and 


***Can’t find host hostname 


If the ntpq or xntpdc command cannot find the server host, the 
\ following message is displayed: 


add an entry for the server host. 
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If you run one of the monitor programs and in the output from the 
\ peers command the reach column contains zeros (Os), complete the 
following steps: 


Server reachable? 


1. Contact the system administrator of the server and verify which 
tech NTP daemon the server is running. The entry for the server in the 


/etc/ntp.conf file must contain the phrase version x after 
the server name, as follows: 


server hostl version x 


2. Look inthe /etc/hosts file and verify that there is an entry for 
each NTP server specified in the /etc/ntp.conf file. If you are 
using either DNS or NIS for host information, verify that the 
hosts database has an entry for each NTP server. 


Ifthe xntpdc hostname command does not display any information, 
verify that the hostname server is running NTP. 
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If the ntpq or xntpdc request times out, the following message is 
\ displayed: 


Requests complete 
successfully? 


hostname: timed out, nothing received 
***Request timed out 


Complete the following steps: 
1. The hostname is not running the xntpd daemon. Contact the 
system administrator for that system. 


2. Thenetwork connection has gone down. See the solutions for Host 
reachable? at the beginning of this chapter. 


If you still cannot solve the problem, complete the following steps: 


Problem still exists? Report it to E Seth éiatilet k iene tri 
your service representative. See xamine the /etc/rc. config file to make sure it contains entries 


Chapter 18. similar to the following: 


NTPD_CONF="YES" 
xport XNTPD_ CONF 
NTP_SERV1=serverl 
xport XNTP_SERV1 
NTP_SERV2=server2 
xport XNTP_SERV2 
NTP_SERV3=server3 
xport XNTP_SERV3 
NTPD_OPTS="-g" 
export XNTPD_OPTS 


x OoOM OM OM O MK 


If this entry does not exist or is incorrect, run the SysMan Menu 
utility to configure NTP. See Section 12.3 for more information. 


2. Examinethe /etc/ntp.conf file and make sure the information 
in itis accurate. 1t must contain entries for hosts running NTP 
with which you want to synchronize system time. Make sure the 
correct version number is specified for each server and peer. Use 
the SysMan Menu utility to correct any entries. See Section 12.3 
for information. 


3. Lookin the /var/adm/syslog.dated/current /daemon.log 
file for information about NTP problems on the system. See 
Section 16.10 for more information. 
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15.15 Solving SLIP Problems 


Verify that the correct number of Serial Line Internet Protocol (SLIP) 
SLIP supported \ pseudodevices are supported in the kernel by using thenetstat -—in 
in kernel? » command. If SLIP is supported, information similar to the following is 
displayed for each interface: 
sl0* 296 <Link> 00000 
The si prefix indicates that SLIP is supported on the system. In this 
example there is one SLIP interface. 
If you need additional SLIP interfaces, specify them by adding 
the nslip=x attribute under the net: subsystem in the 
/etc/sysconfigtab file. See Systen Administration for information 
on adding more SLIP interfaces. 
On systems with 24 megabytes of memory, SLIP is not configured into 


the kernel. To add SLIP into the kernd,, edit the system configuration 
file (/usr/sys/conf hostname) and add the following entry: 


options SL 


See System Administration for more information. 


configured? 
e« Make sure the modem is configured as follows: 
Lesh - Use 8-bit characters with no parity. 
- Software flow control (XON/XOFF) is disabled. 
- For dial-in systems, follow the guidelines in Section 6.1.3.1. 


\ Configure the network hardware as follows: 
\. © Verify that you are using the correct hardware. See Section 6.1.2.1 
for more information. 


- For dial-out systems, follow the guidelines in Section 6.1.3.2. 


If a remote system cannot dial in to your system successfully, complete 
\ the following steps: 


1. Edit the /etc/slhosts file and include the debug option in the 


Dial in successful? 
(dial-in systems) 
login entry for the host that cannot login. See slhosts(A4) for 
Lesh more information. 
2. Instruct the remote user to dial in again. 
3 


Look in the /var/adm/syslog.dated/current /daemon. log 
file for information on SLIP problems on the dial-in system. See 
Section 16.10 for more information. 
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\ If you cannot dial out to the remote system, complete the following 
steps: 


Dial out successful? 
(dial-out systems) 


1. Verify that the modem is working correctly. 


Edit the /etc/acucap file and include the db option in your 
modem's entry. This option displays useful information for 
debugging a new entry. See acucap(A4) for more information. 


2. Verify SLIP setup. Do the following: 


a. Edit thestartslip dial-out script file and specify the debug 
subcommand and a debug log file. 


b. Try to dial out again. 


c. Lookin thedebug log file for information about SLIP dial-out 
problems. 


Connection 
to remote system 
successful? 1 


If you cannot communicate with the remote host and none of the debug 
\ messages shows an error, complete the following steps: 

Verify that the IP addresses and netmasks are correct on both ends 
of the connection. 


2. Examine the following SLIP configuration parameters at each end 
of the connection: 


e Internet Control Message Protocol (ICMP) traffic suppression 
— If enabled at either end of the connection, the ping command 
will fail. 


¢« TCP header compression — If enabled at one end, TCP header 
compression must be enabled or autoenabled on the other end. 


Connection 
to remote network 
successful? 1 


If you can communicate with the remote host but not the network 
\ connected to the remote host, complete the following steps: 


If your local system is using the remote system as a gateway 
system, issue the netstat -—rn command on the local system to 
verify that the remote SLIP address is the default gateway. 


2. On the gateway system (remote system), issue the iprsetup —d 
command to see if the ipforwarding and ipgateway variables 
areon. If the variables are off, usethe iprsetup -s command to 
turn them on. 


3. On the gateway system, verify that the gated daemon is running. 
See gat ed(8) for more information. 
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startslip command \ 
completes 


successfully? 


sO 


Problem still exists? Report it to 
your service representative. See 
Chapter 18. 


If the startslip command does not complete successfully, complete 
the following steps: 


iF 
2. 


Build your kernel with the PACKETFILTER option. 


Use the tcpdump command to examine packets sent and 
received through the SLIP interface. See t cpdump(8) for more 
information. 
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15.16 Solving PPP Problems 


PPP supported 
in kernel? 


Connection 
to remote system 
successful? 


Verify that the Point-to-Point Protocol (PPP) is supported in the kernel 
by using the sysconfig -s | fgrep ppp command. If PPP is 
supported, information similar to the following is displayed: 


ppp: loaded and configured 


If PPP is not supported, add options PPP into the /sys/conf /MACHINE 
system configuration file and rebuild the kernel. 


Configure the network hardware as follows: 


¢ Direct connections to remote host — Use a null modem or modem 
eliminator cable to connect your system to the remote host. 


e Phone line connection to remote host — Use a cable to connect your 
system to a modem and another cable to connect your modem to a 
phoneline. Themodem you use must be compatible with the modem 
at the remote host. Make sure the modem is configured as follows: 


- Use 8-bit characters with no parity. 
- All flow control is disabled. 


If you are logging messages to the console and the link comes up 
successfully, the following messages are displayed on the console: 


Local IP address: xxX.xxX.xXxX.xXx 
Remote IP address: yy.yy.yy-.yy 


If the link does not come up, look at the following: 


¢ Verify that the serial connection is set up successfully. Use the 
chat —v command to log the characters the chat program sends 
and receives. 


¢ Verify that pppd starts on the remote system. Use the chat -—v 
command to log the characters the chat program sends and receives. 


e« Examine the PPP negotiation between the two peers. Use the pppd 
command with the debug option to log the contents of all control 
packets sent and received. 
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Network applications 
complete 


successfully? 


se 


Problem still exists? Report it to 
your service representative. See 
Chapter 18. 


If network applications do not work successfully, this might indicate a 
problem with assigning IP addresses or routing. Do the following: 


Ae 


Use the netstat -i, netstat -r, ping, and traceroute 
commands to diagnose the problem. 


If you can communicate with the peer machine but not with 
machines beyond that in the network, there is a routing problem. 
For instances where the local machine is connected to the Internet 
through the peer, do the following: 


a. 


Assign the local machine an IP address on the same subnet as 
the remote machine. 


Run the local pppd daemon with the defaultroute option. 
Run the remote pppd daemon with the proxyarp option. 


On the peer system (remote system), issue the iprsetup —d 
command to determine if the ipforwarding and ipgateway 
variables are on. If these variables are off, use the iprsetup 
-s command to turn them on. 
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15.17 Solving LAT Problems 


LAT subset 
installed? 


Verify that the Local Area Transport subset is installed. Enter the 

following command: 

# setld -i | grep OSFLAT 

If the subset is installed, the following message is displayed: 

OSFLATnnn installed Local Area Transport (LAT) 
(General Applications) 


If the subset is not installed, install it by using the set1d command. 
See System Administration for information on installing the subset. 


Verify that Local Area Transport is configured in the kernel. Enter the 
following command: 
# sysconfig -q lat 


If no information is displayed, LAT is not configured in the kernel. 
Reconfigure the kernel with the LAT option. See System Administration 
for information on reconfiguring the kernel. 


Use the remgr utility to display the value of the LAT_SETUP entry in 
the /etc/rce.config file: 


# remgr get LAT SETUP 


If 0 is returned, run the latsetup utility. See Section 7.3 for more 
information. 


If latsetup fails while creating new LAT ttys, verify that the 
/usr/sbin directory is included in the search path. Enter the following 
command: 


# echo $PATH 


If it is not, include it in your PATH environment variable. Then, create 
new LAT ttys using the Llatsetup command. 
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\ Verify that LAT has been started. Enter the following command: 
LAT started? : 
» # Latep -d 


If LAT is running, the following line is displayed: 


tech LAT Protocol is active 
If LAT was not started, start it. Enter the following command: 


# latcp -s 
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If LAT starts and messages are continually displayed on the system 
\ console, look for the following messages and perform the required steps: 


console messages? ) Message 1 


getty: cannot open "/dev/lat/xx". 

Lesh errno: 2 
This means a LAT terminal device file (tty) does not exist and the 
/etc/inittab file contains an entry for this file. The latsetup utility 
will also report that no LAT entries are available. Do the following: 


Normal startup 


1. Edit the /etc/inittab file and remove the LAT getty entries. 


2. If LAT terminal devices are required, create the LAT terminal 
device files and corresponding entries in the /etc/inittab 
file by using the latsetup command. See lat setup(8) for 
information. 


Message 2 
getty: cannot open "/dev/lat/xx". 
errno: 19 


This means the kernel was not configured with the LAT option and the 
/etc/inittab file contains at least one LAT getty entry. Do either 
of the following: 


¢ Configure LAT into the kernel. See System Administration for 
information on configuring LAT into the kernd. 


e RemovetheLAT getty entries from the /etc/inittab file, either 
manually or by using the latsetup command. 


Message 3 


INIT: Command is respawning too rapidly. 
The following meanings are possible: 


e You are using an optional service name, such as lattelnet, and 
it is incorrectly defined. Do the following: 


1. Verify that the optional service name defined by the latcp -A 
command is correct by using the latcp —d command. 


2. Edit the /etc/inittab file and verify that a LAT entry has 
the optional service name specified correctly. 


e« An attempt was made to use a nonexistent LAT terminal device 
(tty). Do the following: 


1. Edit the /etc/inittab file and remove the entry with the 
nonexistent terminal device name. 


2. If LAT terminal devices are required, create the LAT terminal 
device files and corresponding entries in the /etc/inittab 
file by using the latsetup command. See Latsetup(8) 
for more information. 
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Connection to 
host successful? 


If the user cannot connect to or display a service from a terminal server 
\ via LAT, complete the following steps on the system: 


1. 


Verify that the service name is correct, using the latcp -d 
command. If the service name is incorrect, delete the service with 
the incorrect name. Enter the following command: 

# latcp —D -aservice name 

Then, add a service with the correct name. Enter the following 
command: 

# latcp -A —aservice name 

See Latcp(8) for more information. 


Display the group codes for the service to which the user is 
attempting to connect, using the latcp —d command. Check if 
any group code matches a group displayed by using the show port 
command at the terminal server. If no group code matches, do 
either of the following: 


e Add at least one group displayed by the port to the service. 
Enter the following command: 
# latcp -glist -aservice name 


¢ Change the port characteristics at the terminal server by 
adding a group that matches the service. 


See Latcp(8) for more information. 


Check if LAT is started on the system. If it is not, start it. Enter 
the following command: 


# latcp —s 
If the problem persists, restart LAT. Enter the following command: 


# latcp -s 
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Connection to \ 
optional service \ If problems occur when using an optional service, complete the following 


successful? steps: 


1. Verify that the service was added as an optional service. Enter 
the following command: 


# latcp -d 
Look for the following line: 


Service name: name (Optional) 

If Optional is not displayed, the optional service was not defined 
with the -o option. Delete the service. Enter the following 
command: 

# latcp —D -aservice name 

Then, add the service with the correct name and the -o option. 
Enter the following command: 

# latcp —A -aservice name —o 

See Llatcp(8) for more information. 


2. Verify that the optional service name matches the name defined in 
the /etc/inittab file. If it does not, do either of the following: 


e Edit the /etc/inittab file and specdfy the optional service 
name. 


¢« Delete theservice. Enter the following command: 


# latcp —D -aservice name 


Then, add the service with the correct name and the -o option. 
Enter the following command: 


# latcp —A -aservice name —o 


See Latcp(8) for more information. 


\ If the user cannot connect to a host using LAT, the following messages 


Sufficient are displayed: 
resources at host? ; 
Connection 
to node-name not established. 
Service in use. 
tech The /etc/inittab file does not contain a sufficient number of 
getty entries. Create more LAT terminal devices (ttys) and add 


their corresponding entries into the /etc/inittab file by using the 
latsetup command. Then, restart LAT to advertise the available 
services. Enter the following command: 


# latcp -s 
See Section 7.3 for information. 
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Host-initiated 
connection 


successful? 


Printing on LAT port 


successful? 


If a host-initiated connection fails, verify that the port, host, and service 
names are specified correctly. Enter the following command: 


# latcp -d -P —-L 

If these names are not specified correctly, delete the application ports 
with the incorrect names. Enter the following command: 

# latcp —D —pport name 


Then, add the application ports, using correct spelling. To create 
the application port by specifying the remote port to which the LAT 
terminal device is to be mapped, use the following command: 


# latcp —A —plocal port —Hnode -—Rrem port 


Or, to create the application port by specifying the remote service name 
to which the LAT terminal device is to be mapped, use the following 
command: 


# latcp —A —plocal port —Hnode —Vsvc_name 


See lat cp(8) for information. 


Note 
When you delete an application port for a LAT printer, any 
print operations that are currently executing continue 
until the printer buffer is empty. The print job might not 
be complete. 


If you print a file toa printer attached to a LAT application port, the 
printer is online, and no printing occurs, look at the status of the print 
queue. Enter the following command: 


# lpe status 
The following line might be displayed: 


waiting for printer to become ready (offline ?) 


If this lineis displayed, verify that LAT has been started. Enter the 
following command: 


# latcp -d 
If LAT has not been started, start it. Enter the following command: 


# latcp -s 
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Connection using 
LAT/Telnet gateway 
successful? 


Connection 
stays up? 


Problem still exists? Report it to 
your service representative. See 
Chapter 18. 


If problems are encountered with the LAT/Telnet gateway, look in 

the /var/adm/syslog.dated/current /daemon.1og file for error 
messages. Use the error messages to diagnose the problem. See 
Section 16.10 for more information on viewing the daemon. 1og file. 
The lattelnet utility uses the syslog message priority of LOG_INFO. 
For example, if you edit a LAT terminal entry in the /etc/inittab 
file, reassign it to lattelnet whilea getty process is still active for 
the terminal, and a user tries to connect to lattelnet, the connection 
will fail. The following error message is posted in the daemon. 1og file: 


No such file or directory 


Terminate the getty process for the terminal port. 


If the LAT connection terminates abnormally, complete the following 
steps: 


1. Examine the LAT terminal device (ttys) files for duplicate minor 
numbers. Enter the following command: 
# ls -1 /dev/lat/* 


If any exist, remove the duplicate device files, leaving the original 
file. 


2. Lookin the /etc/inittab file for duplicate LAT entries. Remove 
the duplicate entries, leaving the original entry. 


15-70 Solving Network and Network Services Problems 


15.18 Solving sendmail Problems 


sendmail 
configured? 


sendmail daemon \ 
started? 


Verify that mail is configured by switching to the /var/adm/sendmail 
directory and checking for the presence of the sendmail.cf and 
sendmail.cf.orig files. 


If one of the files does not exist, run the SysMan Menu utility to 
configure mail. See Section 12.3 for more information. 


Verify that the sendmail command has been started. Enter the 
following command: 


# ps -e | grep sendmail 


If sendmail is not running, start it using the following command: 


# /sbin/init.d/sendmail start 


If a user cannot send mail to another user, complete the following steps: 


Determine if the aliases database was changed. If it was, update 
the database by using the newaliases command. 


2. Look in the mail.1log files generated by the syslogd daemon for 
the specific mail message. If the message reached its destination, 
the addressee is not on the destination system. Verify that the 
user has the correct address. See Section 16.10 for information on 
viewing the syslogd message files. 
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If you sent a mail message and the recipient did not receive it, complete 
\ the following steps: 


Message received 
by recipient? 


1. Verify that the address is correct. 


2. Verify that the remote node is reachable by using the ping 
command. 


3. Look in themail.1log files generated by the syslogd daemon 
for the sender's user name. See Section 16.10 for information on 
viewing the syslogd message files. If you find an entry, write 
down the message! D. If no entry is found, send the message again. 


4. Using themessage 1D, search through the mail .1og files for the 
"from" and "to" entries. I1f you find a "from" entry but no "to" entry, 
either sendmail did not receive the message or the message was 
corrupted. Look in the /var/spool/mqueue directory for files 
containing the message! D by entering the following command: 


# 1s -1 /var/spool/mqueue/*fmessage ID 


Possible outcomes include: 


¢ The qf*message_ID control file is present but the 
(df£*message_ID) data file is not. The message was lost. 


« A“from" entry and a "to" entry exist, and the status is deferred. 
The message is in the queue. 


¢ There is no corresponding sent entry. Use the mailg command 
to report the reason for the deferral. 


« A "from" entry and a "to" entry exist, the status is sent, and 
the message was delivered. If a local delivery, the message 
reached the destination. If a remote delivery, have the system 
administrator on the remote host search for the message. 


\ If sendmail is not working correctly, complete the following steps: 


Mail works as 


expected? 1. Look in the rejected message for an error message. 


2. Look for error messages in the mail .1log files generated by the 
syslogd daemon. See Section 16.10 for information on viewing 
the syslogd message files. 


See Appendix F for a list of sendmail error messages. 


Problem still exists? Report it to 
your service representative. See 
Chapter 18. 
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15.19 Solving POP and IMAP Problems 


Additional \ 
Networking Services 


subset installed? 


Verify that the Additional Networking Services subset is installed on 
the server. Enter the following command: 

# setld -i | grep OSFINET 

If the subset is installed, the following message is displayed: 


OSFINETnnn installed Additional Networking Services 
(Network-Server/Communications) 


If the subset is not installed, install it by using the set 1d command. See 
Systen Administration for more information on installing the subset. 


If the user cannot connect to the Post Office Protocol (POP) or Internet 
Message Access Protocol (IMAP) server: 


Pr 


Verify that the user is connecting to the correct server. 
2. Verify that the server is reachable by using the ping command. 


3. Verify the POP or IMAP entries in the /etc/passwd, 
/etc/services, and /etc/inetd.conf files on the server, as 
described in Section 13.4.1 and Section 13.5.1. If necessary, restart 
network services to effect the changes. 


Verify that the user has specified a valid user name and password. Use 
the mailusradm utility to verify the existence of the POP or IMAP 
account on the server or to change the password, if necessary. 
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Mail retrieval \ 


successful? \. If auser cannot retrieve mail from the POP or IMAP server: 


1. 


Mail delivery \ 
successful? 1. 


1 
Problem still exists? Report it to 
your service representative. See 2. 
Chapter 18. 


3. 


Verify that the user has a POP3 or IMAP 4-compatible mail 
program. 


For POP, look in the /usr/spool/mail directory for a lock file 
named after the user. If one exists, delete the file to remove the 
lock. 


For IMAP, verify that the user has proper ACLs for the IMAP 
mail folder by using the cyradm command. See Section 13.5.8 
and cyradm(8). 


Look in the mail .log files generated by the syslogd daemon 
for error messages related to POP or IMAP. See Section 16.10 for 
information on viewing the syslogd message files. 


Create a directory with the user's account name in the 
configdirectory/log directory (usually, the log directory is 
/var/imap/log, seethe /etc/imapd.conf file for the location of 
the configdirectory on your system). When the user attempts 
to access the server, examine the log of the session to see where 
the error occurs. 


If the user is not receiving new mail: 


Look in the mail .1og files generated by the syslogd daemon for 
errors. See Section 16.10 for information on viewing the syslogd 
message files. 


For IMAP, look at the user and quota configuration directories 
to verify that subdirectories a through z exist (see Section 13.5.2), 
that the subdirectories contain the proper files for the given 

user (See Section 13.5.6), and that all directories and files under 
/var/imap and /var/spool/imap are owned by the imap user. 


If the user cannot send mail: 


Verify that the user is connecting to the correct SMTP server. 


Verify that the SMTP server is reachable by using the ping 
command. 


See Section 15.18 on solving sendmail problems. 
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16 


Using the Problem Solving Tools 


To help you resolve problems with network hardware, the network itself, and 
various network services, the operating system provides problem solving 
tools to help you do the following tasks: 


¢ Detect network interface failures 

e Test access to network hosts on the Internet network 

¢ Display network statistics 

¢ Display and modify the Internet to Ethernet translation tables 
¢ Display a datagram’s route to a network host 

e Display headers of packets on the network 

e Test a UUCP remote connection 

e« Monitor a UUCP file transfer 

e Display the error log file 

¢ Display the syslogd daemon message files 


16.1 Detecting Network Interface Failures 


Use the Network Interface F ailure Finder (NIFF) utility to detect and report 
possible failures in network interface cards or their connections. 


Once you specify an interface to monitor by using the niffconfig 
command, the kernel Traffic Monitor Thread (TMT) checks the connectivity 
of the monitored interface and, if necessary, informs the NIFF daemon 
(nif£d) to generate traffic for the network interface that is determined to 
have failed. If the niffd daemon cannot get the interface packet counters 
toincrement, signifying that the interface is alive and well, it reports the 
problem to the Event Manager subsystem. 


You can use NIFF asa standalone reporting utility, or you can configurea 
NetRAIN interface (as discussed in Section 2.4), a virtual interface which 
incorporates the NIFF technology and provides automatic failover for 
selected network interfaces on your system. 


See niff(7) and niffconfig(8) for moreinformation about the NIFF utility. 
See Appendix A and netstat(1) for more information about monitoring 
network interfaces. 
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16.2 Testing Access to Internet Network Hosts 


Use the ping command to test your system’s ability to reach a host on the 
Internet network. The ping command has the following syntax: 


/usr/sbin/ping [ options... ] hostname 
Table 16-1 describes some of the ping command options. 


Table 16-1: Options to the ping Command 
Option Function 


—c¢ count Specifies the number of ECHO RESPONSE pack- 
ets to send and receive. 


-I interface Specifies the interface over which to send packets. 


—R Includes the RECORD_ROUTE option in the packet and 
displays the route buffer on returned packets. 


-r Executes the ping command for a host directly connected to 
the local host. With this option, the ping command bypasses 
normal routing tables and sends the request directly to a host 
on an attached network. If the host is not on a directly attached 
network, the local host receives an error message. 


-V Specifies the IP version number (4 or 6) of the address 
returned by the resolver when a host name has both | Pv4 
and I Pv6 addresses. By default, ping tries to resolve host 
names as an | Pv6 address then | Pv4 address. 


The ping command sends an Internet Control Message Protocol (ICMP) 
echo request to the host specified. When the request is successful, the 
remote host sends the data back to the local host. If the remote host does not 
respond to the request, the ping command does not display any results. 


To terminate the ping command output, press Ctrl/C. When terminated, 
the ping command displays statistics on packets sent, packets received, 
the percentage of packets lost, and the minimum, average, and maximum 
round-trip packet times. 


You can use the output from the ping command to help determine the cause 
of direct and indirect routing problems such as an unreachable host, a 
timed-out connection, or an unreachable network. 


When using the ping command for fault isolation, first test the local host 

to verify that it is running. If the local host returns the data correctly, use 
the ping command to test remote hosts farther and farther away from the 
local host. 
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If you do not specify command options, the ping command displays the 
results of each |CMP request in sequence, the number of bytes received from 
the remote host, and the round-trip time on a per-request basis. 


The following example shows the output from a ping command toa host 
named host 1: 


2 


% ping hostl1 

PING hostl.corp.com (16.20.32.2): 56 data bytes 

64 bytes from 16.20.32.2: icmp _seq=0 tt1l=255 time=11 ms 
64 bytes from 16.20.32. icmp _seq=1 ttl=255 time=3 ms 
64 bytes from 16.20.32. icmp seq=2 ttl=255 time=7 ms 
64 bytes from 16.20.32. icmp seq=3 ttl=255 time=3 ms 
64 bytes from 16.20.32. icmp _seq=4 ttl=255 time=7 ms 
64 bytes from 16.20.32. icmp _seq=5 ttl=255 time=3 ms 
Ctrl/C 
----hostl.corp.com PING Statistics--- 

6 packets transmitted, 6 packets received, 0% packet loss 
roundtrip (ms) min/avg/max = 3/5/11 ms 


DONNNNN 


The ping command accepts an |Pv4 address, |Pv6 address, or node name on 
the command line. The following example specifies an |Pv6 address: 


# ping -c 2 5F00:2100:108C:4000:8C40: 800: 2B2D:2B2 

PING (5F00:2100:108C:4000:8C40:800:2B2D:2B2): 56 data bytes 

64 bytes from 5F00:2100:108C:4000:8C40:800:2B2D:2B2: icmp6é seq=0 
hlim=58 time=17 ms 

64 bytes from 5F00:2100:108C:4000:8C40:800:2B2D:2B2: icmp6é seq=1 
hlim=58 time=17 ms 

----5F00:2100:108C:4000:8C40:800:2B2D:2B2 PING Statistics---- 

2 packets transmitted, 2 packets received, 0% packet loss 

round-trip (ms) min/avg/max = 17/17/17 ms 


The command sends appropriate ECHO REQUEST packets based on the 
address family being used. In some cases, a single node name might resolve 
to both an |Pv4 and IPv6 address. Use the -v4 or -v6 option specify which 
address to use. 


You can also use the -1I flag to force the use of a specific interface. For 
example: 


# ping -I 1n0 FE80::800:2B2D:2B2 


See ping(8) for more information on this command and its options. 


16.3 Displaying Network Statistics 


Use the netstat command to display network statistics for sockets, 
interfaces, and routing tables. Thenetstat command accepts either the -£ 
inet or -£ ineté flag tolimit the data displayed to either | Pv4 or | Pv6, 
respectively. For example, thenetstat -f inet6é -rn command displays 


Using the Problem Solving Tools 16-3 


only IP v6 routing table entries, as opposed to the default, which displays 
both |Pv4 and | Pv6 entries. 


Thenetstat -s command displays statistics for all protocols, including 
IPv6 and ICMPv6. See netstat(1) for more information. 


16.4 Displaying and Modifying the Internet (IPv4) to MAC 
Address Translation Tables 
You can display and modify the Internet to Media Access Control (MAC) 
address translation tables used by the Address Resolution Protocol (ARP) 


to help diagnose direct | Pv4 routing problems resulting from the following 
circumstances: 


¢ A source host has incorrect Ethernet address information for a 
destination host 


¢ Two hosts have the same |IPv4 address 


Although you can work around this problem by modifying the translation 
tables, it is best to change one host’s | Pv4 address to permanently 
resolve the conflict. 


Usethe arp -a to display the entries in the Internet to MAC address 
translation tables. To modify the tables, log in as root and use the arp 
command as follows: 


/usr/sbin/arp [options ] hostname 


The following example shows the Ethernet address for an | Pv4 host named 
host1. Thesystem response tells you that the Ethernet address for host1 
is aa-00-04-00-8f-11. 


# /usr/sbin/arp host1 
hostl1 (16.20.32.2) at aa:0:4:0:8f:11 permanent 


The following example shows how to temporarily add host 9 to the system 
translation tables: 


# /usr/sbin/arp -s host9 0:dd:0:a:85:0 temp 


The following example shows how to remove hosts from the system 
translation tables: 


# /usr/sbin/arp —d host8 
See arp(8) for more information on this command. 
16.5 Displaying a Datagrams’s Route to a Network Host 


You can display a datagram’s route to a network host to manually test, 
measure, and manage the network. 
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To display a datagram’s route, use the traceroute command with the 
following syntax: 


traceroute [ options... ] hostname [ packetsize 
Table 16-2 describes some of the traceroute command options. 


Table 16—2: Options to the traceroute Command 
Option Function 


—m max_ttl Sets the maximum time-to-live (tt1) used in 
outgoing probe packets. The tt1 parameter 
specifies the maximum number of hops a 
packet can take to reach its destination. 
The default is 30 hops. 


—n Displays hop addresses numerically only, rather 
than both numerically and symbolically. 


—p port Sets the base User Datagram Protocol (UDP) port 
number to be used in outgoing probe packets. 
The default is 33434. The port information is 
used to select an unused port range if a port 
in the default range is already used. 


=e Bypasses the normal routing tables and sends 
the probe packet directly to a host on an 
attached network. If the host is not on a 
directly attached network, the traceroute 
command returns an error. 


-s IP_address_number Uses the specified | P address number as the source 
address in outgoing probe packets. On hosts with 
more than one IP address, this option forces the 
traceroute command to use the specified source 
address rather than any others the host might 
have. If the IP address is not one of the receiving 
host’s interface addresses, the command returns 
an error and does not send a probe packet. 


—t type-of-service value Sets the typeof-service in probe packets to the 
specified value. The default is zero. The value 
must be a decimal integer in the range 0--255. 
This option tells you if different types of service 
result in different paths. This option is available 
only in Berkeley UNIX (4.4BSD) environments. 
Not all types of service are legal or meaningful. 
Useful values for this option are 16 (low delay) 
and 8 (high delay). See RFC 791, Interne Protocol 
for more information on types of service. 


-v Displays verbose output, which includes received 
ICMP messages other than time exceeded 
and port unreachable. 
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Table 16-2: Options to the traceroute Command (cont.) 


Option Function 


-V version Specifies the |P version number (4 or 6) of the 
address returned by the resolver when a host 
name has both IPv4 and IPv6 addresses. By 
default, traceroute tries to resolve host names 
as an |Pv6 address then | Pv4 address. 


—w wait_time Sets the time (in seconds) to wait for a response 
to a probe. The default is 3 seconds. 


packetsize Sets the packet size (in bytes) for the probe 
packet. The default size is 38 bytes. 


The traceroute command sends UDP packets (known as probe packets) 
to an unused port on the remote host, and listens for |CMP replies from 
IP routers. It sends the probe packets with a small tt 1 parameter, which 
specifies the maximum number of hops a packet can take to reach its 
destination. The traceroute command starts by specifying a tt1 of one 
hop and it increases the tt1 by one for each probe packet it sends. It 
continues sending probe packets until a packet reaches the destination or 
until the tt1 reaches the maximum number of hops. 


In response to each probe packet, traceroute can receive one of the 
following ICMP messages: 


* time exceeded 


The IP router that received the probe packet cannot forward it any 
further due tothe tt1 value. This message tells you which IP routers 
are processing the packets. 


°* port unreachable 


The probe packet reached its indended destination, but could not access 
the intended port. 


When traceroute sends three probe packets (datagrams) for each tt1 
setting, it displays a line showing the following: 


etd 
¢ IP address of the host or router that responded 
¢« Round-trip time of each probe datagram/I CMP response 


If multiple |P routers respond to the probe, the traceroute command 
displays the address of each IP router. If the traceroute command does 
not elicit a response in 3 seconds (the default wait time), an asterisk (*) 
is displayed for the probe. 


The following example shows a successful traceroute command to host2: 
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% traceroute host2 


traceroute to host2 (555.55.5.5), 30 hops max, 40 byte packets 
1 host3 (555.55.5.1) 2 ms 2 ms 2 ms 
2 host5S (555.55.5.2) 5 ms 6 ms 4 ms 
3 host7 (555.55.5.3) 7 ms 7 ms 6 ms 
4 host2 (555.55.5.5) 12 ms 8 ms 8 ms 


The traceroute command with the host argument prints the route that 
packets take to both IPv4 and I Pv6 hosts. 


See traceroute(8) for more information about this command and its 
options. 


16.6 Displaying Headers of Packets on the Network 


You display packet headers on the network when you want to monitor the 
network traffic associated with a particular network service. This is usually 
done to determine whether requests are being received or acknowledged, or 
to determine the source of network requests, in the case of slow network 
performance. 


Use the tcpdump command to display packet headers for a network 
interface. This command enables you to specify the interface on which to 
listen, the direction of the packet transfer, and the type of protocol traffic to 
display. In addition, it enables you to identify the source of the packet. See 
tcpdump(8) for more information. 


Note 


In order to use the tcpdump command, the packetfilter option 
must be configured into the kernel and the system rebooted. See 
packetfilter(7) for more information. 


16.7 Testing a UUCP Remote Connection 


Testing a uucp remote connection can help you diagnose certain UUCP 
problems; for example, to determine why there is a backlog of transfer 
requests in the queue. 


To test a remote connection, do the following: 
1. Login as root. 


2. Changetothe /usr/1lib/uucp directory by using the cd command. 


3. Test the remote connection by using the uutry command, using the 
following syntax: 


uutry system_name 
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The system_name variable names the remote system to contact. 


4. Examine the debugging output; the last line contains the status of the 
transaction. If your local system establishes a connection to the remote 
system, the debugging output contains a good deal of information. You 
can press Ctrl/C to stop the uutry shell script. 


The uutry command has the following characteristics: 
¢ [tis ashell script stored in the /usr/1ib/uucp directory. 


e [t contacts a remote system with debugging turned on. If you are 
using the UUCP scheduler, uusched, to start uucico automatically at 
specified intervals, the uutry command overrides the retry time interval 
specified in the /usr/spool/uucp/.Status/system_name file. 


If you use the uutry command frequently, you can put the pathname to 
the command in the PATH entry in your .profile file. 


e |t directs debugging information toa filenamed /tmp/system_name, 
where system_name is the name of the local system. The uutry 
command then executes a tail —f£ command to display the file’s 
contents. 


If your local system cannot contact the remote system, do the following: 


1. Validate the physical connections between the local and remote systems. 
At both systems, confirm that the computer is turned on, that all the 
cables are properly connected, that the ports are enabled, and the 
modems (if being used) are working. If the remote system is not at your 
physical location, contact the administrator of the remote system. 


2. Verify all configuration files on both systems. Verify that all entries in 
the Devices, Systems, and Permissions files are correct. If you are 
using a modem, verify all entries in the Dialers and Dialcodes files. 


If you are using a TCP/IP connection, verify that the configuration files 
contain the correct TCP entries. Verify that the inetd daemon can 
start the uucpd daemon. Edit the /etc/inetd.conf file and delete 
the comment character (# from the beginning of the line containing the 
uucp entry. Restart the inetd daemon by using the following command: 


# /sbin/init.d/inetd start 


Always save the debugging output produced by the uutry command until 
you are certain that the problem is resolved. 


The following example shows a successful test of a remote connection to 
system hosté6: 


# /usr/lib/uucp/uutry host6 
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Conversation Complete: Status SUCCEEDED 


The following example shows an unsuccessful test of a remote connection 
to system hosté6: 


# /usr/lib/uucp/uutry host6 


mchFind called (host6) 

conn (hosté6) 

getto ret -1l 

Call Failed: CAN’T ACCESS DEVICE 
exit code 101 

Conversation Complete: Status FAILED 


16.8 Monitoring a UUCP File Transfer 


Monitoring a uucp file transfer enables you to diagnose other UUCP 
problems, especially if you can already establish a remote UUCP connection. 


To monitor a file transfer, do the following: 
1. Verify the status of the files in the spooling directory on your local 
system by using the uustat —gq command. 


2. Verify that the local system can contact the remote system by using the 
uutry system name command. 


3. 1fthedebugging output indicates that the connection was not successful, 
follow the steps described in Section 16.7 to test the remote connection.. 


4. Preparea file for transfer by using the uucp —r command. The-r 
option instructs uucp to place the file in the queue without starting 
the uucico daemon. 


Start the file transfer by using the uutry command. 
See uutry(1) for additional information on this command. 
The following example sends the test1 file to the system host6: 


# uucp —-r testl host6! ~/testl 
# /usr/lib/uucp/uutry host6 


16.9 Viewing the Error Log File 


To diagnose kernel and hardware errors, you can look at the system events 
that occurred prior tothe errors. Messages from system events, such as 
error messages relating to the software kernel and system hardware, and 
informational messages about system status, startup, and diagnostics, are 
recorded in the binary error logfile, /var/adm/binary.errlog. 
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16.10 


Because this log file is in binary format, the operating system offers special 
utilities, DECevent and Compaq Analyze, that read the binary log file and 
run the data through a formatter to display the information. See dia(8) 
and ca(8) for more information about DE Cevent and Compag Analyze, 
respectively. 


Note that these utilities are not available in the operating system by default; 
you must install the Web-Based Enterprise Services (WEBES) kit, a suite of 
diagnostic utilities, to obtain them. WEBES is available for installation from 
the Associated Product CD-ROMs or for download from the following URL: 


http://www.support.compaq.com/svctools/webes 


See the Systen Administration guide for information about using the Event 
Viewer to present errors as interpreted by DECevent and Compaq Analyze. 
Also, see uerf(8) for an alternative to these utilities. 


Viewing the syslogd Daemon Message Files 


You can use the syslogd daemon to help diagnose session layer problems 
such as access control problems for the Internet Protocol Version 4 (IPv4) 
and Internet Protocol Version 6 (I Pv6). 


The syslogd daemon starts running when you boot the system and 
whenever it receives a hangup signal. By default, it records the system 
messages for these events in a Set of files in the /var/adm/syslog.dated 
directory (as specified in the /etc/syslog.conf file). The system messages 
can indicate error conditions or warnings, depending on the priority codes 
they contain. 


Although it is possible to review the contents of the system message files 
from the command line, it is best to use the Event Viewer that is part of the 
SysMan Menu utility, because it simplifies access to the files and makes it 
easier for you to find particular problems. To start the Event Viewer, invoke 
the SysMan Menu as decribed in Section 1.1.1, then select Monitoring and 
Tuning>View events. Alternatively, you can invokethe Event Viewer froma 
command line by entering the following command: 


# /usr/bin/sysman event viewer 


Once the Event Viewer is displayed, you can use it to sort the log entries, 
filter the entries (for a certain event name, priority level, posting host, or 
date), and obtain more detailed information about individual entries. 


For more information about event management and accessing the system 
log files, see evm(5), syslogd(8), the System Administration guide, and the 
online help. 
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Testing DNS Servers 


In concept, testing DNS/BIND servers consists of locating the information 
you need. In practice, testing DNS servers involves tracing through a 
network of servers and their databases to find the server responsible for 
the information. This section describes the tests you can use to locate the 
information. 


17.1 Glossary 


The following terms are used in this section. Refer to them as needed during 
the problem solving tests. 


authoritative server 


A server that stores information locally. Master and slave servers are 
examples of authoritative servers. They have primary and secondary 
authority, respectively, for a given domain. 


In contrast, a server that is not authoritative must ask other servers for 
information about the target host. A forward-only server is an example of 
this type of server because it forwards queries to a list of forwarders that 
can answer such requests. 


current server 
The server you are currently logged in to and running tests from. 


data types 


The types of resource records in the DNS database files. See named(8) for a 
complete list and explanation. 


forwarder 


A server that can answer DNS queries from data in its databases and cache, 
whether or not it is authoritative for the information. Forwarder entries can 
be in the named. conf file. 


nameserver (NS) record 


Nameserver records map a domain name to a system that serves the domain, 
and determine whether a system is familiar with the name servers for the 
authoritative domain. Nameserver records have the following form: 


domain-name IN NS machine-name 
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On the left is the domain name; on the right is the name of the machine that 
services the domain. 


master server 


A server that stores the main copy of a target domain’s databases. A master 
server has primary authority for name service information in a given domain. 


slave server 


A server that pulls a copy of the target domain’s data from another server. 
In most cases, the data is pulled from a master server. However, in some 
cases, the data is pulled from another slave server. 


A slave server has secondary authority for name service information in a 
given domain. 


start of authority (SOA) record 


Start of authority records mark the start of a zone of authority. They 
occur at the beginning of each master database file. SOA records have the 
following form: 


domain-name IN SOA machine-name 


target domain name 
The portion of the target host name that begins after the first period (.). 


target host 
The host name you are trying to resolve. The target domain name is derived 
from the target host name. 


17.2 DNS Server Testing Worksheet 


Figure 17-1 shows the DNS Server Testing Worksheet, which you can use 
to record information from the tests in the following sections. If you are 
viewing this manual online, you can use the print feature of your browser to 
print a copy of this worksheet. On a copy of the worksheet, write the current 
server’s name, current domain name, and target domain name. 
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Figure 17-1: DNS Server Testing Worksheet 


DNS SERVER TESTING WORKSHEET Sheet ij of 
Current server: 
Server type: 


Current domain name: 
Target domain name: 


named.conf file Server IP address Reachable 


F . Yes No 
Domain name: Yes No 
Database file name: Yes No 
Serial number: _sCdYt’S No 
Administrative 
Nameserver name IP address Control Reachable 


Yes No Yes No 
Yes No Yes No 
Yes No Yes No 
Yes No Yes No 


Administrative 


Forwarder IP address Control Reachable 

Yes No Yes No 

Yes No Yes No 

Yes No Yes No 

Yes No Yes No 

Cache file: Yes No 
Nameserver name Server IP address Server IP address Reachable 

Yes No 

Yes No 

Yes No 

Yes No 


17.3 Starting the DNS Server Test 


To determine if the current server can resolve the target data, complete the 
following steps: 


1. Determine whether the current server can access the target data. Use 
the following commands: 
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# nslookup 
Default Server: hostl.corp.com 
Address: 127.0.0.1 


> server localhost 
Default Server: localhost.corp.com 
Address: 127.0.0.1 


> set timeout=45 
> set retry=2 
> target host.target domain. 


If the nslookup Action: 

command: 

Succeeds Go to step 3. 

Fails If the first time, go to step 2. 


If the second time, go to Section 17.4. 


2. Determine whether the named daemon is running by using the following 
command: 


# ps gax | grep named 


If the named Action: 
daemon is: 


Running Go to step 1. 


Not running Start the daemon by using the /sbin/init .d/named 
start command. If the|nternet name service started 
message is displayed, go to step 1. 


If the message is not displayed, this machine is not configured 
as a DNS server. Decide how the machine is to be configured. 
See Section 8.5 for more information. 


3. Login tothe client system and use the nslookup command totry to 
access the target data. 
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If the nslookup Action: 


command: 
Succeeds STOP. The client can resolve the target data. 
Fails The server knows the information, but is not 


transferring it to the client. Log out from the 
client; restart DNS on the server by using the 
/sbin/init.d/named restart command; login 
to the dient; and use the nslookup command. If it 
cannot resolve the target data, you have the wrong 
server or the DNS server is malfunctioning. 


17.4 Determining the Server Type 


To determine whether the current server is a master server or a slave server, 
complete the following steps: 


1. Compare the target domain name with all domain names of the master 
and slave entries in the /etc/named.conf file. These entries have 
the following form: 


zone "domain" { type server-type; file 
"filename.db"; }; 


The following example shows the zz.bb.cc. target domain and subsets of 
this target domain: 


# cat /etc/named.conf 


options { 
directory "/etc/namedb" ; 


}; 


zone "aa.bb.cc" { 1 
type master; 
file "aa.bb.cc.db"; 


1 


zone "cc" { 2 
type master; 
file "cc.db"; 


1 


zone "bb.cc" { 3 
type slave; 
file "bb.cc.db"; 
masters { 

128.102.0.42; 
}; 
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zone "zz.bb.cc" { 4 
type slave; 
file "zz.bb.cc.db"; 
masters { 

12:8..10 2:52 9:73 3 
}; 


1 This zone entry is not a subset of the zz.bb.cc. domain. 


2 This zone entry is a subset of the zz.bb.cc. domain. The server is a 
master server for the cc. domain and it stores the information for 
this domain in the cc. db file. 


3 This zone entry is a subset of the zz.bb.cc. domain. Theserver isa 
slave server for the bb.cc. domain and it stores the information for 
this domain in the bb. cc. db file. 


4 This zone entry matches the zz.bb.cc. domain. The server is a slave 
server for the zz.bb.cc. domain and it stores the information for this 
domain in the zz.bb.cc. db file. 


For more information on the format of the named. conf file, see 
named. conf(8) and the BIND Configuration File Guide 


When directed, record information in the named. conf file section on 
the worksheet. 


If anamed.conf entry: And the typeis: Action: 
Matches the target Master Write the server type, domain 
domain name name, and database file name 
on the worksheet and go to 
Section 17.8. 
Slave Write the server type, domain 


name, database file name, 
and host IP addresses on the 
worksheet and go to Section 17.7. 


Is a subset of the target Master Write the server type, domain 
domain name name, and database file name on 
the worksheet and go to step 2. 


Slave Write the server type, domain 
name, database file name, 
and host IP addresses on the 
worksheet and go to step 2. 


Neither matches nor is Master or slave Go to Section 17.5. 
a subset of the target 
domain name 
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Compare the target domain name with all nameserver (NS) records in 
the database file recorded on the worksheet. When directed, record 
information in the Nameservers section on the worksheet. Use the 
following commands to create and view a list of NS records: 


# grep —n NS database file > ns _ list 

# grep —n ORIGIN database file >> ns _ list 
# sort —n ns list > ns_list.srt 

# cat ns list.srt 


The following example shows the file created by these commands. The 
target domain is zz.bb.cc.: 


# cat ns list.srt 
1:SORIGIN cc. 


10: IN NS server_1.cc. 
17:SORIGIN cc. 

18:bb IN NS server 3.bb.cc. 
21:SORIGIN cc. 

22:bb IN NS server 4.bb.cc. 
41:SORIGIN bb.cc. 

42:22 IN NS server _5.zz.bb.cc. 1 
45:SORIGIN bb.cc. 

46:22 IN NS server 6.bb.cc. 2 


This entry is a longer subset (exact match) of the target domain. 
The domain name from the preceding $ORIGIN line, .bb.cc., is 
appended to the domain name of this line, zz, resulting in zz.bb.cc.. 


This entry is a longer subset (exact match) of the target domain. 
The domain name from the preceding $ORIGIN line, .bb.cc., is 
appended to the domain name of this line zz, resulting in zz.bb.cc.. 


If any Ns record: And the server Action: 
is: 
Contains a longer subset Master or slave Theserver has neither primary 
of the target domain name nor secondary authority for the 
than the domain name target information. Write the 
on the worksheet names of the servers on the 
worksheet and go to step 3. 
Does not contain alonger Master The database files contain 
subset of the target domain the target information. Go 
name than the domain to Section 17.8. 
name on the worksheet 
Slave The database files contain 
the target information. Go 
to Section 17.7. 


Find the IP addresses in the database file for any name servers on the 
worksheet. Use the following commands: 
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# grep —n ORIGIN database file > ip list 
# grep —n server name database file >> ip list 


# sort —n ip list > ip list.srt 
# cat ip list.srt 


Write the IP addresses on the worksheet next to the corresponding 
server name and go to Section 17.5. The following example shows the 
file created by the preceding commands: 


# cat ip list.srt 
1:SORIGIN cc. 


17:SORIGIN cc. 

21:SORIGIN cc. 

41:SORIGIN bb.cc. 

42:22 IN NS server 5.2z.bb.cc. 
43:SORIGIN zz.bb.cc. 

44:server 5 IN A 10.140.48.3 1 
45:SORIGIN bb.cc. 

46:22 IN NS server 6.bb.cc. 
47:SORIGIN bb.cc. 

48:server 6 IN A 10.12.48.3 2 


= 


ThelP address for server_5 is 10.140.48.3. 
2 ThelP address for server_6 is 10.12.48.3. 


17.5 Finding the Target Domain Information 


To determine the servers that the current server communicates with in order 
to get information for the target domain, complete the following steps: 


1. Search the named.conf file and find any forwarder entries. These 
entries have the following form: 


options { 
directory "directory-name"; 
forward only; 
forwarders { 
IP-address; 
IP-address; 


he 


When directed, record information in the Forwarders section on the 
worksheet. 
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If your system: Action: 


Contains a forwarder line The current server forwards requests. Write 
the IP addresses for any forwarders on the 
worksheet and go to Section 17.6. 


Does not contain a The current server does not forward 
forwarder line queries. Go to step 2. 


Compare the target domain name with all nameserver (NS) records in 
the database file recorded on the worksheet. When directed, record 
information in the Nameserver section on the worksheet. 


Use the following commands to create and view a list of NS records for 
each database file: 


# grep —n NS database file > ns _ list 

# grep —n ORIGIN database file >> ns_ list 
# sort —n ns list > ns _list.srt 

# cat ns_list.srt 


If any NS record: And: Action: 

Contains a longer subset of the =? Write the names of 

target domain name than the the servers on the 

domain name on the worksheet worksheet and go 
to step 3. 


Does not contain a longer subset of The Nameserver Goto Section 17.9. 
the target domain namethan the _ section on the 
domain name on the worksheet worksheet is 

blank 


Find the IP addresses in the database file for any name servers on the 
worksheet. Use the following commands: 


# grep —n ORIGIN database file > ip list 
# grep —n server name database file >> ip list 


# sort —n ip list > ip list.srt 
# cat ip list.srt 


Write the IP addresses on the worksheet next to the corresponding 
server name and go to step 4. 


Verify whether each server listed in the Nameserver section on the 
worksheet is reachable by using the ping command. 
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If a server: 


And: 


Action: 


Responds to the ping You 


command 


have root 


access to the 


server 


You do not have 


root 


access to 


the server 


Does not respond to the > 
ping command 


The server is reachable and 
under your administrative 
control. Note both items on the 
worksheet. Go to step 5. 


The server is reachable, but 
not under your administrative 
control. Note both items on the 
worksheet. Go to step 5. 


Note this on the worksheet. 


If no servers responded to the 
ping command, STOP. The 
current server is isolated from 
its servers on the network. 

You cannot solve the problem; 
contact your enterprise network 
administrator. 


Log in to each reachable server by using the telnet command. Each 
server you log in to becomes the current server. Get a new worksheet 
and write the current server name, current domain name, and target 
domain name on it. For each server, perform the DNS server test. See 


Section 17.3. 


17.6 Testing the Forwarders 


To determine whether the forwarders prevent you from resolving the target 
host name, complete the following steps: 


1. 


Determine whether each forwarder listed on the worksheet is reachable 


by using the ping command. 


If a forwarder: 


And: 


Action: 


Responds to the ping command You have root 
access to the 
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forwarder 


The forwarder is 

reachable and under your 
administrative control. Note 
both items on the worksheet. 
Go to step 2. 


You donot have The forwarder is reachable, 


root access to 
the forwarder 


but not under your 
administrative control. 
Note both items on the 
worksheet. Goto step 2. 


If a forwarder: And: Action: 


Does not respond to the — Note this on the worksheet. 
ping command 


If no forwarders responded 
to the ping command, 
STOP. The current server is 
isolated from its forwarders 
on the network. You cannot 
solve the problem; contact 
your enterprise network 
administrator. 


2. Edit thenamed.conf file and eliminate any forwarders that did not 
respond to the ping command. 


3. Enter thenslookup command again for the target host. 


If the nslookup Action: 
command: 

Succeeds Go to step 4. 
Fails Go to step 5. 


4. Edit thenamed.conf file and add the forwarders removed in step 2 at 
the end of the forwarders line. In addition, contact the administrators of 
forwarders not under your administrative control and inform them that 
they might have a problem with their forwarder. STOP. 


5. Login toeach reachable forwarder by using the telnet command. This 
forwarder is now the current server. On a new worksheet, write the 
current server name, current domain name, and target domain name. 
For each server, perform the DNS server test. See Section 17.3. 


If the forwarder or other Action: 
machines: 


Cannot resolve the Remove the forwarder from named. conf file. 
target name 


Can resolve the target STOP. 
name 


17.7 Testing Slave Servers 


To determine whether the slave server contains the target data, complete 
the following steps: 


1. Find the database serial number in the start of authority record in the 
database file. Use the following command: 
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# head —4 database file 


Write the first number, which is the serial number, on the worksheet 
inthe named. conf section. If you have a serial number on a previous 
worksheet, compare the current serial number with that one. Note 
whether the current number is larger (newer) or smaller (older) than 
the other number. In the following example, 23 is the serial number: 


# head -4 database file 


SORIGIN cc. 

bb IN SOA hostl.bb.cc. postmaster.hostl.bb.cc. ( 
23 300 60 1209600 43200 ) 
IN MX 100 host1.bb.cc. 


2. Determine whether the target data is contained in the database file 
written on the worksheet. Use the following commands to create and 
view a list of resource records: 


# grep —n data_type database file > ns list 
# grep —n ORIGIN database file >> ns_ list 

# sort —n ns list > ns_list.srt 

# cat ns list.srt 


If the database file: And the serial Action: 
number is: 
Contains the target data Newer The data exists in the 


domain. Go to step 3. 


Contains the target data Older or same _ Theserver is malfunctioning 
or you made a error. Verify 
all steps up to this point. 


Does not contain thetarget data > The data does not exist in 
the domain. Go to step 4. 


3. Determine whether the current server can access the target data. Use 
the following commands: 


# nslookup 
Default Server: hostl.corp.com 
Address: 127.0.0.1 


> server localhost 
Default Server: localhost.corp.com 
Address: 127.0.0.1 


> set timeout=45 


> set retry=2 
> target host.target domain. 
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If the nslookup command: And the 
database serial 
number is: 


Action: 


Succeeds > 


Succeeds Newer 


Fails = 


STOP. The server is working. 
Either the client or server 
cannot communicate with 
the server or this server 
just started working. 


Log out of the slave server. 
Get the previous slave 
server’s worksheet and 

go to step 8. 


Restart the current slave 
server by using the 
/sbin/init.d/named 
restart command. Then 
reenter the nslookup 
command 


Verify whether each name server listed on the worksheet is reachable 


by using the ping command. 


If a server: And: 


Action: 


Responds to the ping command You have root 
access to the 
server 


You do not have 
root access to 
the server 


Does not respond to the ae 
ping command 


The server is reachable and 
under your administrative 
control. Note both items 
on the worksheet. 


The server is reachable, 

but not under your 
administrative control. Note 
both items on the worksheet. 


Note this on the worksheet. 


If no servers responded 

to the ping command, 
STOP. The current server 
is isolated from its servers 
on the network. You cannot 
solve the problem; contact 
your enterprise network 
administrator. 


Count the number of servers that responded to the ping command and 
that are under your administrative control. If the number is zero (0), 


go to Section 17.10. 
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5. Edit the named.conf file and find the slave entry. Delete the IP 
address for those servers that are not reachable and are not under your 
administrative control. Delete those entries from the worksheet as well. 


6. Login to each reachable server by using the telnet command. Start a 
new worksheet for each server, writing the server name as the current 
server. Save the old worksheet. 


7. Compare the target domain name with all domain names of the master 
and slave entries in the /etc/named.conf file. These entries have 
the following form: 


zone "domain" { 
type server-type; 
file "filename.db"; 


3 


When directed, record information in the named. conf file section on 
the worksheet. 


If anamed.conf entry: And the first Action: 
field is: 
Matches the target Master Write the domain name and 
domain name database file name on the 
worksheet and go to Section 17.8. 
Slave Write the domain name, host 


IP addresses, and the database 
file name on the worksheet 
and go to step 1. 


Is a subset of the target > STOP. Examine another master 
domain name or slave server entry. 
Neither matches nor is ag STOP. Examine the next master 
a subset of the target or slave server entry. 


domain name 


8. Restart the current slave server by using the following command: 


# /sbin/init.d/named restart 


After restarting, wait a few minutes before proceeding to the next step. 
This allows time for the database to be updated. 


9. Determine whether the current server can access the target data. Use 
the following commands: 


# nslookup 
Default Server: hostl.corp.com 
Address: 127.0.0.1 


> server localhost 
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Default Server: localhost.corp.com 
Address: 127.0.0.1 


> set timeout=45 
> set retry=2 
> target host.target domain. 


If the nslookup command: Action: 


Succeeds STOP. The server is working. If you are in 
a telnet session to another slave server, 
log out and go to step 8. 


Fails If you just ended a telnet session to another 
server, go to step 10. 


If you did not end atelnet session, either the 
current server is malfunctioning and cannot 
read the database file or you made an error. 
Verify all steps up to this point. 


10. Compare the database serial number of the current server with the 
database serial number of the server from which you just logged out. 
Use the following command: 


# head —4 database file 


If the current database Action: 
serial number is: 


Older Either the server cannot pull the database from 
the authoritative server or you made an error. 
Verify all steps up to this point. 


The same The serial numbers cannot be equal. Verify 
all steps up to this point. 


17.8 Testing Master Servers 


To determine whether the master server contains the target data, complete 
the following steps: 


1. Ifyou areina telnet session froma slave server toa master server, go 
to step 2. Otherwise, go to step 3. 


2. Find the database serial number in the start of authority record in the 
database file. Use the following command: 


# head —4 database file 


Write the first number, which is the serial number, on the worksheet 
inthe named. conf section. If you have a serial number on a previous 
worksheet, compare the current serial number with that one. Note 
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whether the current number is larger (newer) or smaller (older) than 
the other number. In the following example, 23 is the serial number: 


# head -4 database file 


SORIGIN cc. 

bb IN SOA hostl.bb.cc. postmaster.hostl.bb.cc. ( 
23 300 60 1209600 43200 ) 
IN MX 100 host1.bb.cc. 


3. Determine whether the target data is contained in the database file 
written on the worksheet. Use the following commands to create and 
view a list of resource records: 


# grep —n data_type database file > ns _ list 
# grep —n ORIGIN database file >> ns_ list 

# sort —n ns list > ns_list.srt 

# cat ns list.srt 


If the database file: Action: 


Contains the target data Thedata exists in the domain. Goto step 4. 


Does not contain the Thedata does not exist in the domain. Gotostep 5. 
target data 


4. Determine whether the current server can access the target data. Use 
the following commands: 


# nslookup 
Default Server: host1l.corp.com 
Address: 127.0.0.1 


> server localhost 
Default Server: localhost.corp.com 
Address: 127.0.0.1 


> set timeout=45 
> set retry=2 
> target host.target domain. 


If the nslookup And the Action: 
command: database serial 
number is: 
Succeeds > STOP. Theserver is working. Either 


the last server cannot communicate 
with this server or this server 
just started working. 


Succeeds Older or same STOP. Theserver is malfunctioning 
or you made an error. Verify all 
steps up to this point. 
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If the nslookup And the Action: 


command: database serial 
number is: 
Succeeds Newer Log out of the master server. Get the 
previous slave server’s worksheet 
and go to step 8 in Section 17.7. 
Fails > Restart the current master server 


by using the /sbin/init .d/named 
restart command. Then reenter 
the nslookup command. 


Edit the database file and increment the database serial number by 1 to 
age the database. The following example shows the SOA record before 
and after editing. Note the serial number increase from 23 to 24. 


# head -4 database file 


SORIGIN cc. 

bb IN SOA hostl.bb.cc. postmaster.hostl.bb.cc. ( 
23 300 60 1209600 43200 ) 
IN MX 100 host1.bb.cc. 


# vi database file 


# head -4 database file 


SORIGIN cc. 

bb IN SOA hostl.bb.cc. postmaster.hostl.bb.cc. ( 
24 300 60 1209600 43200 ) 
IN MX 100 host1.bb.cc. 


Edit the database file and add new data to the database. Refer to 

Section 17.1 for information on valid data types. Precede any new entry 
with a SORIGIN entry, and separate database fields with a tab character. 
The following example shows a new address record for host host1.bb.cc.: 


SORIGIN bb.cc 
host1 IN A 16.141.112.11 


Restart the master server by using the following command: 
# /sbin/init.d/named restart 


Determine whether the current server can access the target data. Use 
the following commands: 


# nslookup 
Default Server: hostl.corp.com 
Address: 127.0.0.1 


> server localhost 
Default Server: localhost.corp.com 
Address: 127.0.0.1 


> set timeout=45 


> set retry=2 
> target host.target domain. 
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If the nslookup Action: 


command: 


Succeeds 


Fails 


Log out of the master server. Get the previous slave 
server’s worksheet and go to step 8 in Section 17.7. 


Either the server is malfunctioning or you made an 
error. Verify all steps up to this point. 


17.9 Tracing Information from the Root Name Server 


To resolve the target name beginning with the root of the DNS namespace, 
complete the following steps: 


1. Determine whether the current server has a cache file containing the 
information necessary to find a root server. Use the following command: 


# grep cache /etc/named.conf 


If a cache line: Action: 


Does not exist The current server cannot contact a root name 


Exists 


server. Note this on the worksheet and goto step 2. 


Note this on the worksheet and go to step 3. 


2. Adda cache file to your server. 


Addi 


Caution 


ng a cache file alters many system files. Perform the 


following steps as shown to ensure the correct operation 
of your system. 


a. Create copies of specific DNS and system files. Enter the following 
commands: 


cd 
cp 
cp 
cp 
cp 
cp 
cd 
cp 


th te GE GE te OSE He te 


/ete 

—r namedb namedb.back 

re.config.common rc.config.common.back 
hosts hosts.back 

resolv.conf resolv.conf.back 

svc.conf svc.conf.back 
/var/adm/sendmail 

sendmail.cf sendmail.cf.back 


b. Display the name of the local host by using the hostname 
command. You will need to reset the host name after running the 
SysMan Menu utility and copying system files. 
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Run the SysMan Menu utility. Modify the configuration and create 
a caching server (See Section 8.5.3). Do not start the DNS daemon 
automatically and do not run svcsetup. 


Copy the system files to the /etc directory. Use the following 
commands: 


cd /etc 

cp rce.config.common.back rc.config.common 
cp hosts.back hosts 

cp resolv.conf.back resolv.conf 

cp svc.conf.back svc.conf 


th th te te te 


Set the host name to the original host name by using the hostname 
command. 


Copy the sendmail file to the /var/adm/sendmail directory and 
restart sendmail. Use the following commands: 


# aed /var/adm/sendmail 
# cp sendmail.cf.back sendmail.cf 
# /sbin/init.d/sendmail restart 


Copy the DNS files tothe /etc directory. Use the following 
commands: 


cd /etc 

cp namedb/namedb.boot namedb.back/named.conf new 
cp namedb/namedb.ca namedb.back 

rm —rf namedb.back namedb 

mv namedb.back namedb 

cd namedb 


th SE SE Ge te te 


Edit the named. conf file and add the following lines to the end 
of the file: 


zone "." { 
type hint; 
file "named.ca"; 


Remove the named. conf_new file 


Restart the current server by using the 
/sbin/init.d/named restart command. 


Display the named. ca file by using the following command: 


# cat named.ca 


Write the root name server names and |P addresses in the Root 
nameservers section on the worksheet. 


Verify whether each root name server listed on the worksheet is 
reachable by using the ping command. 
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If a root name server: Action: 


Responds to the ping Note this on the worksheet. Go to Section 17.11. 
command 


Does not respond to the Note this on the worksheet. If no servers 
ping command responded to the ping command, go to step 5. 


5. Doeither of the following: 


¢ Give the current server access to the Internet. Then restart the 
named daemon by using the following command: 


# /sbin/init.d/named restart 
Keep the current server and worksheet, and go to Section 17.3. 


e Adda forwarder entry to direct the current server to communicate 
with a machine with Internet access. Then restart the named 
daemon by using the following command: 


# /sbin/init.d/named restart 


Keep the current server and worksheet, and go to Section 17.3. 


17.10 Resolving Target Data 
To resolve target data using a name server, complete the following steps: 


1. Enter thenslookup command for the target system. Choose the first 
name server from either the Root nameserver section or the Nameserver 
section. Use the following commands: 


current _server> nslookup 
Default Server: localhost.omni.corp.com 
Address: 127.0.0.1 


> server IP address 
Default Server: [IP_address] 


Address: 128,102..16,10 


> set type data_type 
> target name 
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If the nslookup And: Action: 
command: 


Succeeds = STOP. Theserver is working. Either 
the last server you tested does not 
talk to this one or this server just 
started working. Verify all steps 
completed up to this point. 


Fails An error If a “non-existent domain” message 
message is is displayed, no data exists for the 
returned. target_name. Goto Section 17.11. 


If a “no information available” 
message is displayed, the 
target_name exists, but is 

not associated with the target data. 
If the data is required, contact 
the target domain administrator 
and request that the data be 
added to the domain. 


If a “timed-out” message is 
displayed, the server to which you 
sent the query cannot contact the 
server that is responsible for the 
target data. Go to step 2. 


Fails An error An unknown error. Contact the 
message is not target domain administrator. 
returned. 


Modify the retry and timeout values and re-enter the nslookup 
command. Enter the following commands: 


current _server> nslookup 
Default Server: localhost.omni.corp.com 
Address: 127.0.0.1 


> server IP_address 
Default Server: [IP_address] 


Address: IP_address 


> set type data_type 
> target name 
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If the nslookup And: Action: 
command: 


Succeeds = STOP. The server is working, but 
is slow. This might prevent the 
query from being resolved. If the 
network connection to the server 
is correct, wait two or three hours 
for the performance to improve. If 
it does not improve, contact the 
server administrator. 


Fails An error If a “non-existent domain” message 
message is is displayed, no data exists for the 
returned target_name. Goto Section 17.11. 


If a “no information available” 
message is displayed, the 
target_name exists, but the 
target data is not associated with 
it. If the data is required, contact 
the target domain administrator 
and request that the data be 
added to the domain. 


If a “timed-out” message is 
displayed, the server to which you 
sent the query cannot access the 
server that is responsible for the 
data. Select another nameserver 
from the worksheet and go to step 1. 


Fails An error An unknown error. Contact the 
message is not target domain administrator. 
returned 


17.11 Finding the First Nonexistent Domain 


To find the first nonexistent domain in a target name, complete the following 
steps: 


1. Enter the nslookup command, using the smallest subset of the target 
domain name. Enter the following commands: 


current _server> nslookup 
Default Server: localhost.omni.corp.com 
Address: 127.0.0.1 


> server IP_address 
Default Server: [IP_address] 


Address: IP_address 


> set type=ns 
> target name subset 
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For example, if the target domain name is zz.bb.cc., the first attempt is 
to resolve the target name subset cc.. If necessary, the second attempt 


uses bb.cc., and the third, zz.bb.cc.. 


If the nslookup And: Action: 

command: 

Succeeds FA Go to step 3. 

Fails An error If a “non-existent domain” message 
message is is displayed, no data exists for 
returned the target_name. If the data 


is required, contact the domain 
administrator and request that the 
data be added to the domain. STOP. 


If a “timed-out” message is 
displayed, go to step 2. 


2. Modify the retry and timeout values and enter the nslookup command 
again. Enter the following commands: 


current _server> nslookup 


Default Server: localhost.omni.corp.com 


Address: U2°722,0' 3/0 cL. 


> server IP address 
Default Server: [IP_address] 
Address: IP_address 


set retry=2 

set timeout=45 

set type=ns 
target name subset 


vVvvwv 


If the nslookup command: And: Action: 

Succeeds =. Go to step 3. 

Fails An error If a “non-existent domain” 
message is message is displayed, no data 
returned exists for the target_name. If 


the data should exist, contact 
the domain administrator and 
request that the data be added 
to the domain. STOP. 


If a “timed-out” message is 
displayed, select another name 
server from the worksheet and 
go to Section 17.10. 


3. Add thenext part of the target domain name to the target subset and 


go to step 1. 
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Reporting Network Problems 


If you are unable to solve a critical problem with the network or network 
service, do the following: 


1. Read the release notes for the product to see if the problem is known. If 
itis, follow the solution offered to solve the problem. 


2. Determine whether the product is still under warranty or whether your 
company purchased support services for the product. Your operations 
manager can supply you with the necessary information. 


3. If either condition in step 2 was met, take one of the following actions: 
a. Access the online service database, if you have purchased this 


service, and determine if the problem you are experiencing has 
already been reported. If it has not, log your problem. 


b. Call your service representative and describe the problem. 


4. If you are requested to supply any information pertaining to the 
problem, gather the necessary information and submit it. 


18.1 Gathering Information 


You might be asked to submit some information that can help isolate 
problems to a particular area of the system and speed the resolution 
of the problem. It is a good idea to keep all basic information in a 
system. information file. Then you can easily indude it with your 
problem report. 


The following sections describe some of the information that you might be 
asked to submit. 


18.1.1 General Information 


Gather the following information about your system: 


¢« Theoperating system version and revision number (from the /etc/motd 
file). Add this to the system. information file. 


e A description of your system’s activity before the error. 
¢ A listing of the exact command line or lines executed and the output. 
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A copy of the application source code, if running a user-created 
application. If possible, include a sample test program that demonstrates 
the problem. 


18.1.2 Hardware Architecture 


Gather the following information about the hardware architecture: 


A description of the model of the workstation or server (from the 
/usr/sys/conf /HOSTNAME file), including the type of graphics 
controller (if a workstation), the amount of memory, and third-party 
hardware 


A description of the X server 

To determine which type you are running, enter the following command: 
# ps ax | grep /usr/bin/X >> system.information 

A description of the disks used and the size of your swap partition 


For example, if your system disk is unit 0, enter the following commands 
as root to add this information tothe system. information file: 


disklabel -r /dev/rrz0a >> system.information 
echo df: >> /system.information 

df >> /system.information 

echo mount: >> /system.information 

mount >> /system.information 

echo xdpyinfo: >> /system.information 
xdpyinfo >> /system.information 


th th GE SE GE SE te 


Any networking information 


To add this to the system. information file, enter the following 
commands: 


echo netstat: >> /system.information 
netstat -i -n >> system.information 
netstat -r -n >> /system.information 

echo nslookup: >> /system.information 
nslookup localhost >> /system.information 


th te SE Ge te 


Any event logging information 


To add this to the system. information file, enter the following 
commands: 


# uer£ -R -o full | head -200 >> /system.information 


18.1.3 Software Architecture 


Gather the following information about the software architecture: 


A description of the software subsets installed 
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To add this to the system. information file, enter the following 
commands: 


# echo setld: >> /system.information 
# setld -i >> /system.information 


¢ The output of the set1d log file 


To add this to the system. information file, enter the following 
command: 


# pr /usr/adm/smlogs/setld.log >> /system.information 
¢ The automatic reboot file 


To add this to the system. information file, enter the following 
commands: 


# pr /etc/re.config* >> /system.information 
# pr /sbin/rc[023] >> /system.information 
# pr /sbin/init./* >> /system.information 


¢ A description of the layered products installed 
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A 


Monitoring the Network Interfaces 


The netstat command can help you monitor the Ethernet, Fiber 
Distributed Data Interface (F DDI), and token ring network interfaces. The 
following sections contain sample system output and a description of the 
information for each network interface. 


A.1 Monitoring the Ethernet Interface 


You can use the netstat —I 1n0 ~—s command to obtain a listing of 
the Ethernet counters. The following is sample system output from this 


command: 


1n0o 


Ethernet 
1289 
16812469 
4657308 
42555 
28418 
860360 
7710 
546 
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counters at Thu Nov 6 07:33:00 1992 
seconds since last zeroed 
bytes received 
bytes sent 
data blocks received 
data blocks sent 
multicast bytes received 
multicast blocks received 
multicast bytes sent 
multicast blocks sent 
blocks sent, initially deferred 
blocks sent, single collision 
blocks sent, multiple collisions 
send failures, reasons include: 
Excessive collisions 
collision detect check failure 
receive failures, reasons include: 

Block check error 

Framing Error 
unrecognized frame destination 
data overruns 
system buffer unavailable 
user buffer unavailable 


The following section lists each field in the previous example alphabetically, 
and describes each field. 
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blocks sent, initially deferred 


The number of times a frame transmission was deferred on its first 
transmission attempt. Used in measuring Ethernet contention with no 
collisions. 


blocks sent, multiple collisions 


The number of times a frame was successfully transmitted on the third 
or later attempt after normal collisions on previous attempts. 


blocks sent, single collision 


The number of times a frame was successfully transmitted on the 
second attempt after a normal collision on the first attempt. 


bytes received 


The number of bytes successfully received. 
bytes sent 
The number of bytes successfully transmitted. 


collision detect check failure 


The number of times a collision detection was not sensed after a 
transmission. 


data blocks received 
The number of frames successfully received. 
data blocks sent 


The number of frames successfully transmitted. 


data overruns 


The number of times a frame was discarded because no receive buffer 
was available. 


multicast blocks received 


The number of frames successfully received in multicast frames. 


multicast blocks sent 


The number of frames successfully transmitted in multicast frames. 
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multicast bytes received 


The number of bytes successfully received in multicast frames. 


multicast bytes sent 


The number of bytes successfully transmitted in multicast frames. 


receive failures, reasons include: 


The number of times a receive error occurred. Each receive error is 
classified as one of the following: 


Block check error 
Framing error 
Frame too long 


seconds since last zeroed 


The number of seconds since the associated counter attributes were 
set to zero. 


send failures, reasons include: 


The number of times a transmit error occurred. Each transmit error is 
classified as one of the following: 


Excessive collisions 
Carries check failed 
Short circuit 

Open circuit 

Frame too long 
Remote failure to defer 


system buffer unavailable 


The number of times a frame was discarded because no link buffer 
was available. 


unrecognized frame destination 


The number of times a frame was discarded because there was no 
data link port. The count includes frames received for the physical 
address only. It does not include frames received for the multicast or 
broadcast address. 
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user buffer unavailable 


The number of times a frame was discarded because no user buffer 
was available. 


A.2 Monitoring the FDDI Interface 


You can usethenetstat -I interface —s command to obtain a listing 
of the Fiber Distributed Data Interface (F DDI) counters, status, and 
characteristics for the FDDI interface. The following is sample system 
output from this command for the £zao interface. See faa(7), fta(7), £za(7), 
and mfa(7) for adapter error messages. 


fza0 FDDI counters at Wed Jun 12 14:02:44 1992 
89 seconds since last zeroed 
6440875 ANSI MAC frame count 
0 ANSI MAC frame error count 
0 ANSI MAC frames lost count 
37488 bytes received 
39005 bytes sent 
447 data blocks received 
479 data blocks sent 
30170 multicast bytes received 
321 multicast blocks received 
29163 multicast bytes sent 
360 multicast blocks sent 
0 transmit underrun errors 
send failures 
FCS check failures 
frame status errors 
frame alignment errors 
frame length errors 
unrecognized frames 
unrecognized multicast frames 
receive data overruns 
system buffers unavailable 
user buffers unavailable 
ring reinitialization received 
ring reinitialization initiated 
ring beacon process initiated 
ring beacon process received 
duplicate tokens detected 
duplicate address test failures 
ring purger errors 
bridge strip errors 
traces initiated 
traces received 
LEM reject count 
LEM events count 
LCT reject count 


oooooooo0o°0o0o°0o0co 0 0 00 0 0 0 0000 
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0 TNE expired reject count 
1 completed connection count 
0 elasticity buffer errors 


fza0 FDDI status 


Station State: 

Last Station ID: 

Station UID: 

Link State: 

Link UID: 

Negotiated TRT: 

Duplicate Address Test: 
Upstream Neighbor Address: 


Old Upstream Neighbor Address: 
Upstream Neighbor Dup Addr Flag: 


Downstream Neighbor Address: 


Old Downstream Neighbor Address: 


Ring Purger State: 

Frame Strip Mode: 

Ring Error Reason: 

Loopback Mode: 

Ring Latency: 

Ring Purge Address: 

Physical Port State: 
Physical Port UID: 

Neighbor Physical Port Type: 


Physical Link Error Estimate: 


Broken Reason: 
Reject Reason: 


fza0 FDDI characteristics 


Station ID: 

Station Type: 

SMT Version ID: 

SMT Max Version ID: 

SMT Min Version ID: 

Link Address: 

Requested TRT: 

Valid Transmission Time: 
Restricted Token Timeout: 
Ring Purger Enable: 
Physical Port Type: 

PMD Type 

LEM Threshold: 


On 

Not Implemented 
00-00-08-00-2B-A2 
On ring running 
08-00-2B-A2-B5-84 
7.987 ms 

Absent 
08-00-2B-18-B3-D7 
08-00-2B-1E-C0O-3E 
Unknown 
08-00-2B-1E-C0O-3E 
08-00-2B-1E-C0O-3E 
Purger off 

Source Address Match 
No reason 

False 

0.000 ms 

Not Implemented 

In use 
08-00-2B-A2-B5-84 
Master 

15 

None 

No reason 


00-00-08-00-2B-A2 
SAS 

2 

2 

2 
08-00-2B-A2-B5-84 
8.000 ms 

2.621 ms 

1000.000 ms 

FALSE 

Slave 

ANSI multimode 

8 


The Downstream Neighbor Address and Restricted Token Timeout are 
reported only for the DEF ZA firmware revision 1.2 and higher. 
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The following sections list each field in the previous example alphabetically, 
and describe each field. 


A.2.1 FDDI Counters 


This section lists the FDDI counters alphabetically. 
ANSI MAC frame count 


The total number of frames (other than the token frame) seen by this 
link. 


ANSI MAC frame error count 


The total number of times the media access control (MAC) changed the 
E indicator in a frame from R toS. 


ANSI MAC frames lost count 
The total number of times a frame (other than the token frame) was 
improperly terminated. 

bridge strip errors 


The number of times a frame content independent strip operation was 
terminated by receipt of a token. 


bytes received 


The number of bytes successfully received. 


bytes sent 


The number of bytes successfully transmitted. 


completed connection count 


The number of times the physical (PHY) port entered the |n Use state, 
having completed the initialization process. 


data blocks received 


The number of frames successfully received. 


data blocks sent 


The number of frames successfully transmitted. 


duplicate address test failures 


The number of times the duplicate address test failed. 
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duplicate tokens detected 


The number of times the MAC detected a duplicate token, either via 
the duplicate token detection algorithm or by receiving a token while 
already holding one. 


elasticity buffer errors 


Thenumber of times the Elasticity Buffer function in the PHY port had 
an overflow or underflow. 


FCS check failures 


The number of times a received frame failed the Frame Control Status 
(FCS) check. 


frame alignment errors 


The number of times a received frame had an alignment error. 


frame length errors 


The number of times a received frame had an invalid length, either 
too long or too short. 


frame status errors 


The number of times a received frame had the E indicator in error but 
the cyclic redundancy check (CRC) was correct. 


LCT reject count 


The number of times a connection on this physical port was rejected 
due to failure of the link confidence test (LCT) at either end of the 
physical connection. 


LEM events count 


The number of errors detected by the link error monitor (LEM) on 
the physical layer. 


LEM reject count 


The number of times an active connection on this physical port was 
disconnected due to rejection by the LEM at this end of the physical 
connection. 


multicast blocks received 


The number of frames successfully received in multicast frames. 
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multicast blocks sent 


The number of frames successfully transmitted in multicast frames. 


multicast bytes received 


The number of bytes successfully received in multicast frames. 


multicast bytes sent 


The number of bytes successfully transmitted in multicast frames. 


receive data overruns 


The number of times a frame was discarded because no receive buffer 
was available. 


ring beacon process initiated 


The number of times the ring beacon process was initiated by this link. 


ring beacon process received 


The number of times the ring beacon process reinitialization was 
initiated by some other link. 


ring purger errors 


The number of times the ring purger received a token while still in 
the ring purge state. 


ring reinitialization initiated 


The number of times a ring reinitialization was initiated by this link. 


ring reinitialization received 


The number of times a ring reinitialization was initiated by some 
other link. 


seconds since last zeroed 


The time at which the link entity was created. This value indicates 
when the associated counter attributes were set to zero. 


send failures 


The number of times a transmit error (other than transmit underrun) 
occurred. 
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system buffers unavailable 


The number of times a frame was discarded because no link buffer 
was available. 


TNE expired reject count 
The number of times an active connection on this physical port was 
disconnected due to rejection by expiration of the noise timer (TNE). 
traces initiated 


The number of times the PC-trace process was initiated by this link. 


traces received 


The number of times the PC-trace process was initiated by some other 
link. 


transmit underrun errors 
The number of times a transmit underrun error occurred. This 
indicates the transmit first-in/first-out (FIFO) buffer became empty 
during frame transmission. 

unrecognized frames 
The number of times a received, individually addressed logical link 
control (LLC) frame was discarded because there was no data link port. 

unrecognized multicast frames 
The number of times a received LLC frame addressed to a multicast 
address was discarded because there was no data link port. 

user buffers unavailable 


The number of times a frame was discarded because no user buffer 
was available. 


A.2.2 FDDI Status 


This section lists the FDDI status alphabetically. 


Broken Reason 


The reason that the physical port is in the Broken state (for non-SAS 
stations). This field can have one of the following values: 
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Broken The physical port is broken. 
None The physical port is not in the Broken state. 


Downstream Neighbor Address 
The 48-bit hardware address of the station that is on the downstream 
side of the ring from this station. 

Duplicate Address Test 


The result of the duplicate address test performed by the FDDI MAC 
entity of the station. This field can have one of the following conditions: 


Absent The FDDI MAC entity determined that there is 
no duplicate of its own line address on the ring. 
Present The FDDI MAC entity determined that a 


duplicate of its own line address exists on the 
ring. No data can be transmitted or received on 
the line until this logical ring fault is resolved. 


Unknown TheFDDI MAC entity is performing the duplicate 
address test to determine if any other stations on 
the ring have the same address as the line. 


Frame Strip Mode 


The frame strip mode used by the station. This field can have one of 
the following values: 


Source Address Match The station strips frames from the ring that 
contain its own address in the source address field. 


Bridge Strip The station maintains a count of frames sent 
since obtaining the token, sends a void frame 
when the transmission is complete (two void 
frames if it is serving as ring purger), and strips 
the returning frames from the ring until the 
count of frames sent is decremented to zero. 
Bridge stripping is used by bridges because they 
are sensitive to no-owner frames and frequently 
send frames that do not contain their own 
address in the source address field. 


Unknown The station is not operating on the ring. 


Last Station ID 


If implemented, this is the 48-bit address of the station that last 
performed a successful Parameter Management F rame (PMF) change, 
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add, or remove operation. If not implemented, the phrase “Not 
implemented” is displayed. 


Link State 


The operational state of the FDDI MAC entity of the station. This field 
can have one of the following values: 


Broken A hardware problem exists. 


Off Fault Recovery The FDDI MAC entity is recovering from a 
logical ring fault such as a failure of the duplicate 
address test, a local or remote stuck beaconing 
condition, or ring operational oscillation. 


Off Maintenance The FDDI MAC entity is performing loopback 
testing and online diagnostics. 

Off Ready The FDDI MAC entity is ready for operation but 
is not yet connected to the logical ring. 

On Ring Initializing The FDDI MAC entity is connecting to 
the logical ring. 

On Ring Running The FDDI MAC entity is connected to the 
logical ring and is fully operational. 

Unknown TheFDDI MAC entity is not connected tothering. 

Link UID 


The 48-bit address of the physical port for the data link. 


Loopback Mode 


The operational state of loopback mode for the link entity. This field 
can have one of the following values: 


False Loopback mode is off. The link entity is not set up to 
receive frames that it transmits in order to perform loopback 
testing on the ring or of the physical port. 


True Loopback mode is on. The link entity is set up to receive 
frames that it transmits in order to perform loopback testing 
on the ring or of the physical port. 


Negotiated TRT 


The negotiated target token rotation time (TTRT) value is referred to 
as T NegintheANSI FDDI specifications. It is negotiated during 
the claim token process. 
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Neighbor Physical Port Type 


The type of the neighbor physical port. This field can have one of the 
following values: 


A The physical port on a dual attachment wiring concentrator 
(DAC) or dual attachment station (DAS) that connects to 
the incoming primary ring and the outgoing secondary 
ring of the FDDI dual ring. 


B The physical port on a dual attachment wiring concentrator 
(DAC) or dual attachment station (DAS) that connects to 
the outgoing primary ring and the incoming secondary 
ring of the FDDI dual ring. 


Master One of the physical ports on a wiring concentrator that connects to 
a single attachment station (SAS) such as a DECbridge 500 device. 


Slave The physical port on a single attachment station (SAS) that 
connects to a wiring concentrator or another SAS. 


Unknown Physical port type is undefined. 


Old Downstream Neighbor Address 


The 48-bit hardware address of the station that was previously on the 
downstream side of the ring from this station. 


Old Upstream Neighbor Address 


The 48-bit hardware address of the station that was previously on the 
upstream side of the ring from this station. 


Physical Link Error Estimate 


The current link error rate as estimated by the link error monitor 
(LEM). For a value of n, the actual rate is 1x10-", 


Physical Port State 


The operational state of the physical port. This field can have one of 
the following values: 


Broken The physical port failed its diagnostic tests 
and is nonoperational. 


Failed Same as Waiting, except that the physical 
port failed at least once; by failing the link 
confidence test (LCT) during initialization, 
by exceeding the link error monitor (LEM) 
threshold during operation, or because it 
is part of an illegal topology. 
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In use 


Off maintenance 


Off ready 
Starting 


Unknown 


Waiting 


Watching 


Physical Port UID 


The physical port established a connection 
and is fully operational. 


The physical port is reserved for diagnostic 
testing and loopbacks. 


The physical port is disabled. 


The physical port received a response from 

its neighbor physical port and is exchanging 
information and performing the link confidence 
test (LCT) before completing the connection. 


The condition of the physical port is not known. 


The physical port is establishing a connection 
and is waiting for a response from its 
neighbor physical port. 


Same as Starting, except that the physical 
port failed at least once; by failing the link 
confidence test (LCT) during initialization, 
by exceeding the link error monitor (LEM) 
threshold during operation, or because it 
is part of an illegal topology. 


The 48-bit address of the physical port. 


Reject Reason 


The reason that the last connection on the physical port was lost. This 
field is updated every time the physical port loops through the F ailed 
and Watching states. This field can have one of the following values: 


LCT Both 


LCT Local 
LCT Remote 


LEM Failure 


No Reason 


Remote Reject 


Standby 


The link confidence test (LCT) failed on both this 
physical port and the neighbor physical port. 


The link confidence test (LCT) failed on this physical port. 


The link confidence test (LCT) failed on the 
neighbor physical port. 


The bit error rate on the physical port exceeded the 
link error monitor (LEM) threshold. The LEM monitors 
the quality of the link during operation. 


The physical port is initializing. This value is cleared 
when the physical port enters the In Use state. 


The neighbor physical port broke the connection 
for an unknown reason. 


The physical port is not ready, it is initializing. 
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TNE Expired The noise timer expired because a single noise event 
lasted for more than 1.31072 milliseconds. The noise 
timer is operational only when the physical port is In Use. 


Topology Rules The neighbor physical port is an illegal match 
for this physical port; for example, an A and an 
A or a Master and a Master. 


Trace in Progress A PC Trace occurred while the physical port was 
initializing. When a PC trace occurs, any physical 
ports that have not established a connection are shut 
down to prevent the topology from changing. 


Trace Received- §Thephysical port was momentarily disabled because 

Trace Off it received a PC trace when its own PC trace function 
was disabled. The Trace Disable switch is designed to 
protect the physical port from faulty implementations 
of the PC trace algorithm. The Trace Disable switch 
is not remotely manageable. 


Ring Error Reason 


The reason thereis an error condition on the ring. This field can have 
one of the following values: 


Bridge Strip Error A station using bridge frame stripping received 
a token before decrementing its Sent count 
to zero. In bridge strip mode, the station 
maintains a count of frames sent since obtaining 
the token, and decrements the count each 
time one of its frames returns. 


Directed Beacon Received A station that is stuck beaconing sent a frame 
to the directed beacon multicast address, 
indicating the suspected cause of the ring break. 
(A station is stuck beaconing when its FDDI 
MAC entity has been beaconing longer than 
the time defined by the ANSI FDDI parameter 
T_Stuck.) This is the last recovery procedure 
before initiating the PC trace. 


Duplicate Address A station detected a duplicate of its own address. 
Detected 


Duplicate Token Detected A station received a token while it was 
holding the token. 


No Reason The ring is operating correctly. 
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PC Trace | nitiated A station that is stuck beaconing has forced 
its upstream neighbors to perform their 
self-tests. (A station is stuck beaconing when 
its FDDI MAC entity has been beaconing 
longer than the time defined by the ANSI FDDI 
parameter T_ Stuck.) PC trace is the most 
drastic fault recovery procedure. 


PC Trace Received Thestation received a PC trace frame, instructing 
the station to initiate a self-test. 


Ring Beaconing Initiated A station initiated the ring beacon process because 
its TRT timer expired before the daim token 
process recovered the ring. The beacon process 
locates the ring break. The station downstream 
from the break will be stuck beaconing. (A station 
is stuck beaconing when its FDDI MAC entity 
has been beaconing longer than the time defined 
by the ANSI FDDI parameter T_Stuck.) 


Ring Init Initiated The FDDI MAC entity of this station initiated 
the claim token process because it detected a 
configuration change or a missing token. 


Ring I nit Received Another station initiated the daim token 
process because it detected a configuration 
change or a missing token. 


Ring OP Oscillation The ring is suffering from ring OP (operational) 
oscillation. That is, it repeatedly comes up 
briefly and then goes back into initialization. 
This problem is frequently caused by a 
duplicate address condition. 


Ring Purge Error The station serving as the ring purger received 
a token when it was not expecting one. The 
station expects two void frames and then the 
token when it is serving as the ring purger. 
Ring Latency 
The amount of time (in milliseconds) for a signal element to proceed 
completely around the entire ring. 
Ring Purge Address 
The 48-bit data link address of the station currently elected as Ring 
Purger. 
Ring Purger State 


The state of the ring purger algorithm of the station’s FDDI MAC 
entity. This field can have one of the following values: 


Monitoring the Network Interfaces A-15 


Candidate 


Non Purger 


Purger 


Purger Off 


Station State 


The ring is operational and the FDDI MAC 
entity is bidding to become the ring purger by 
sending Candidate Hello frames to the ring 
purger multicast address. The station with the 
highest station |D becomes the ring purger. 


The ring is operational and the FDDI MAC entity 
is not the ring purger, either because another 
station won the candidate bidding or because 
this line has a duplicate address. 


The ring is operational and the FDDI MAC entity 
is serving as ring purger, constantly purging the 
ring of fragments and no-owner frames. The 
station periodically sends Ring Purger Hello 
frames to the ring purger multicast address. 


The ring purger algorithm is not active because 
the ring is not operational. 


The state of the station. This field can have one of the following values: 


Loopback 


Off 
On 


Station UID 


The station is enabled to operate in loopback 
mode; it will not connect to the ring. 


The station is disabled. 


The station is enabled to operate in 
normal operating mode. 


The 48-bit ID of the FDDI port of the station. The first two bytes are 
zero (0). The remaining bytes are the link address value of the first 


MAC of the station. 


Upstream Neighbor Address 


The 48-bit hardware address of the station that is on the upstream 
side of the ring from this station. 


Upstream Neighbor Dup Addr Flag 


The upstream neighbor’s duplicate address status. This field can have 
one of the following values: 


Absent 


Present 
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The duplicate address test passed. 
The duplicate address test failed. 


A.2.3  FDDI Characteristics 


This section lists FDDI characteristics alphabetically. 
LEM Threshold 


The link error monitor (LEM) threshold set for the physical port. The 
LEM monitors the bit error rate (BER) on the physical port during 
normal operation. When the bit error rate rises above the LEM 
threshold, the station disables the physical port, preventing it from 
disrupting the ring. 


TheLEM threshold is expressed as the absolute value of the exponent 
of the bit error rate. The legal range for the threshold is 5 through 8, 

corresponding tothe range of bit error rates, which is 1x10-> (0.00001) 
bit errors per second through 1x10-8 (0.00000001) bit errors per second. 


Link Address 


The 48-bit hardware address of this FDDI network interface. 
Physical Port Type 


The type of the neighbor physical port. This field can have one of the 
following values: 


A The physical port on a dual attachment wiring concentrator 
(DAC) or dual attachment station (DAS) that connects to 
the incoming primary ring and the outgoing secondary 
ring of the FDDI dual ring. 


B The physical port on a dual attachment wiring concentrator 
(DAC) or dual attachment station (DAS) that connects to 
the outgoing primary ring and the incoming secondary 
ring of the FDDI dual ring. 


Master One of the physical ports on a wiring concentrator that connects to 
a single attachment station (SAS) such as a DECbridge 500 device. 


Slave The physical port on a single attachment station (SAS) that 
connects to a wiring concentrator or another SAS. 


Unknown No connection has been established. 


PMD Type 


The type of physical medium to which this physical port is attached. 
This field can have one of the following values: 
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ANSI Multimode Inexpensive thick core fiber combined with 
light-emitting diode (LED) sources and p-type 
intrinsic n-type (PIN) detectors. 

ANSI Singlemode Type 1 Expensive thin core fiber combined with laser 


diode sources and avalanche photodiode 
(APD) detectors. 


ANSI Singlemode Type 2. Expensive thin core fiber combined with laser 
diode sources and avalanche photodiode 
(APD) detectors. 


ANSI SONET Synchronous Optical Network 


Requested TRT 


TheANSI MAC parameter T_req, which is the requested value for the 
Token Rotation Timer. The default value is 8.0 milliseconds. 


Restricted Token Timeout 


This value limits how long a single restricted mode dialog can last 
before being terminated. 


Ring Purger Enable 


If True, this link participates in the Ring Purger election. If elected, 
the link performs the Ring Purger function. 


SMT Max Version ID 


The highest value supported for SMT Version ID. A value of 1 
corresponds to SMT Revision 6.2. 


SMT Min Version ID 


The lowest value supported for SMT Version ID. A value of 1 
corresponds to SMT Revision 6.2. 


SMT Version ID 


The version number of the FDDI Station Management (SMT) protocol. 


Station ID 


The 48-bit 1D of this FDDI network interface for station management 
(SMT). The first two bytes are zero (0). The remaining bytes are the 
link address value of the first MAC of the station. 


Station Type 


The type of station. This field can have one of the following values: 
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DAS 


SAS 


A dual attachment station (DAS). A station that 


has one or two links and two physical ports, 
one of type A and one of type B. 


A single attachment station (SAS). 


Valid Transmission Time 


The valid transmission time (TVX) used by the FDDI MAC entity. If 
the FDDI MAC entity does not receive a valid frame or unrestricted 
token within the valid transmission time, it initializes the ring. The 
default value is 2.621 milliseconds. 


A.3 Monitoring the Token Ring Interface 


You can usethe netstat -I trad —s command to obtain a listing of the 
token ring counters and other attributes. The following is sample system 
output from this command: 


traO Token ring counters at Thu Mar 24 07:33:00 1993 


82502 
2230 
1704 

34 
20 


13 


GDONURFRFEWWDTODOWOOFWOrFOAOAAOO 


seconds since last zeroed 
bytes received 

bytes sent 

data blocks received 

data blocks sent 
multicast bytes received 
multicast blocks received 
multicast bytes sent 
multicast blocks sent 
unrecognized frames 
unrecognized multicast frames 
transmit failures 
transmit underrun errors 
line errors 

internal errors 

burst errors 

ARI/FCI errors 

abort delimiters transmitted 
lost frame errors 

receive data overruns 
frame copied errors 

token errors 

hard errors 

soft errors 

adapter resets 

signal loss 

beacon transmits 

ring recoveries 

lobe wire faults 

removes received 
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0 single stations 

0 self test tailures 
trad Token ring and host information: 
MAC address: 
Group address: 
Functional address: 
Physical drop number: 
Upstream neighbor address: 
Upstream physical drop number: 
Transmit access priority: 
Last major vector: 
Ring status: 
Monitor contender: 
Soft error timer value: 
Local ring number: 
Reason for transmitting beacon: 
Reason for receiving beacon: 


Beacon station physical drop number: 
Ring speed: 

Early token release: 

Open status: 

Token ring chip: 
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Last beacon upstream neighbor address: 


00-00-C9-19-4A-F3 
00-CO0-00-80-00-00 
00-C0-00-00-00-00 

0 

00-00-10-C9-F5-3B 

0 

0 

Standby monitor present 
No problems detected 
Yes 

2000 ms 

0 

No beacon 

No beacon 
00-00-10-C9-F3-4A 

0 

4Mbps 

False 

Open 

TMS3 80C26 


This section lists the token ring counters alphabetically. 


abort delimiters transmitted 


The number of times an abort delimiter was transmitted while 


transmitting data. 


adapter resets 


The number of times the adapter was reset. 


ARI/FCI errors 


The number of times a standby monitor present (SMP) MAC frame 
or active monitor present (AMP) MAC frame was received with the 
address recognized indicator (ARI) or frame copied indicator (FCI) 
bits set to zero, followed by another SMP MAC frame with the ARI 


and FCI bits set to zero. 


beacon transmits 


The number of beacon MAC frames transmitted. 
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burst errors 
The number of times a burst error was detected. 
bytes received 


The number of bytes successfully received. 


bytes sent 


The number of bytes successfully transmitted. 


data blocks received 


The number of frames successfully received. 


data blocks sent 


The number of frames successfully transmitted. 


frame copied errors 


The number of times a frame with a station’s recognized address had 
the frame copied indicator (FCI) set. 


hard errors 


The number of times a streaming error, frequency error, signal loss 
error, or internal error was detected. 


internal errors 
The number of times a recoverable internal error was detected. 
line errors 


The number of times a frame was repeated or copied, the error detected 
indicator (EDI) was zero in the incoming frame, or one of the following 
occurred: 


¢ A code violation occurred between the starting delimiter and 
ending delimiter of the frame 


¢« A code violation existed in the token 
e A frame check sequence (FCS) error occurred 


lobe wire faults 


The number of times a wire fault condition was detected. 
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lost frame errors 


The number of times an adapter was transmitting data and failed to 
receive the end of the frame it transmitted. 


multicast blocks received 


The number of frames successfully received in multicast frames. 


multicast blocks sent 


The number of frames successfully transmitted in multicast frames. 


multicast bytes received 


The number of bytes successfully received in multicast frames. 


multicast bytes sent 


The number of bytes successfully transmitted in multicast frames. 


receive data overruns 


The number of times a frame was received and the station had no 
available buffer space. 


removes received 


The number of times a remove ring station MAC frame was received. 
ring recoveries 
The number of times a ring recovery has occurred. 


seconds since last zeroed 


The number of seconds since the associated counter attributes were 
set to zero. 


self test failures 
The number of times the self test has failed. 
Signal loss 


The number of times a broken ring, faulty wiring concentrator, 
transmitter malfunction, or receiver malfunction was detected. 


Single stations 


The number of times there was only one station on the ring. 
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soft errors 


The number of times an error MAC frame was transmitted. 


token errors 
The number of times an active monitor recognized an error condition 
that required a token be transmitted. 

transmit failures 


The number of times a transmit error (other than transmit underrun) 
occurred. 


transmit underrun errors 


The number of times a transmit underrun error occurred. This 
indicates the transmit first-in/first-out (FI1FO) buffer became empty 
during frame transmission. 

unrecognized frames 
The number of times a received, individually addressed logical link 
control (LLC) frame was discarded because there was no data link port. 


unrecognized multicast frames 


The number of times a received LLC frame addressed to a multicast 
address was discarded because there was no data link port. 


A.3.2. Token Ring and Host Information 


This section lists the token ring and host information alphabetically. 


Beacon station physical drop number 


The physical location of the upstream station that transmitted a 
beacon. 


Early token release 


This field can have one of the following values: 


True The station will release the token when it completes frame 
transmission. The default for 16 Mb/s rings. 


False The station will release the token when it receives the transmitted 
frame header. The default for 4 Mb/s rings. 
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Functional address 


The functional address of the station. Functional addresses identify 
predefined devices through bit-significant |ocally-administered group 
addresses. Some devices include: 


Active monitor 


CO 00 00 00 00 O01 


Ring Parameter Server (RPS) CO 00 00 00 00 02 
Ring Error Monitor (REM) CO 00 00 00 00 08 


Configuration Report Server CO 00 00 00 00 10 


(CRS) 


Source Route Bridge (SRB) CoO 00 00 00 01 00 


Group address 


The group address of the station. 


Last beacon upstream neighbor address 


The address of the upstream station that transmitted a beacon. 


Last major vector 


The function the adapter is to perform. This field can have one of the 


following values: 


Active monitor present The active monitor requested a standby 


Beacon 


Change parameters 


Claim token 


Duplicate address test 


Initialize ring station 


Lobe media test 


Remove ring station 


Report error 


monitor present MAC frame from its nearest 
downstream neighbor. 


Used by the adapter in the beacon process. 


The network manager is changing adapter 
parameters. 


Used by the adapter in the monitor contention process. 


The adapter is verifying that its address is 
unique on the ring. 


The ring parameter server is setting adapter 
parameters. 


The adapter is testing the continuity of the 
wire in a loopback path. 


The network manager is requesting the adapter 
to remove itself from the ring. 


The adapter is reporting soft error events to 
the ring error monitor. 


Monitoring the Network Interfaces 


Report monitor error 


Report new monitor 
Report ring poll failure 
Report station address 


Report station 
attachment 


Report station state 
Report SUA change 
Report transmit 
forward 

Request initialization 
Request station 


address 


Request station 
attachment 


Request station state 


Response 


Ring purge 


Standby monitor 
present 


Transmit forward 


Local ring number 


The adapter is reporting a problem with the 
active monitor or a possible duplicate station 
address to the ring error monitor. 


The active monitor adapter, after winning contention, 
is reporting this status to the network manager. 


The active monitor is reporting a failure in the ring 
poll process to the ring error monitor. 


The adapter is reporting its station address 
to the network manager. 


The adapter is reporting its attachment status 
to the network manager. 


The adapter is reporting its state to the 
network manager. 


The adapter is reporting a change in the stored 
upstream address (SUA) to the network manager. 


The adapter is reporting a frame that has been 
forwarded and stripped to the network manager. 


The adapter is requesting operational parameters 
from the ring parameter server. 


The network manager is requesting a report station 
address MAC frame from the adapter. 


The network manager is requesting a report station 
attachment MAC frame from the adapter. 


The network manager is requesting a report station 
state MAC frame from the adapter. 


The adapter is sending a positive acknowledgement 
to frames that require acknowledgement or is 
reporting syntax errors in the MAC frame. 


Used by the active monitor during the 
ring purge process. 


The adapter is responding to an active monitor 
present or standby monitor present MAC frame. 


Used in the transmit forward process. 


The local ring number of the station. 


MAC address 


The MAC address of the station. 
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Monitor contender 


Indicates whether the station will participate in the monitor contention 
process. This field can have the following values: 
No The station will not participatein the monitor contention process. 


Yes The station will participate in the monitor contention process. 


Open status 


The status of the adapter on the ring. This field can have one of the 
following values: 
Close The adapter is not operational on the ring. 


Open The adapter is operational on the ring. 


Physical drop number 


The physical location of the station. 


Reason for receiving beacon 


The reason why the adapter is receiving a beacon MAC frame. This 
field can have one of the following values: 


Bit streaming A monitor contention timeout occurred while an 
adapter was in monitor contention transmit mode 
and before a claim token MAC frame was received. 


Contention streaming A monitor contention timeout occurred while 
an adapter was in monitor contention mode 
(transmit or receive) and received one or 
more claim token MAC frames. 


No beacon The adapter is not receiving a beacon MAC frame. 
Signal loss An adapter detected a signal loss. 


Reason for transmitting beacon 


The reason why the adapter is transmitting a beacon MAC frame. This 
field can have one of the following values: 


Bit streaming A monitor contention timeout occurred while the 
adapter was in monitor contention transmit mode 
and before a claim token MAC frame was received. 
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Contention streaming 


No beacon 


Signal loss 


Ring speed 


A monitor contention timeout occurred while 
the adapter was in monitor contention mode 
(transmit or receive) and received one or 
more claim token MAC frames. 


The adapter is not transmitting a beacon 
MAC frame. 


The adapter detected a signal loss on the ring. 


The ring speed: 4 Mb/s or 16 Mbjs. 


Ring status 


Status reported by the adapter tothe driver. This field can have one of 


the following values: 


Auto removal error 


Counter overflow 


Hard error 


Lobe wire fault 


No problems detected 


Remove received 


Ring recovery 


Signal loss 


Single station 


Soft error 


Transmit beacon 


Soft error timer value 


The adapter failed the lobe wrap test and 
removed itself from the ring. 


One of the adapter’s error counters has 
exceeded its maximum value. 


The adapter is transmitting beacon frames to or 
receiving beacon frames from the ring. 


The adapter detected an open or short 
circuit in the cable between the adapter 
and the wiring concentrator. 


The ring is operating normally. 


The adapter received a remove ring station MAC 
frame request and removed itself from the ring. 


The adapter is observing claim token MAC 
frames on the ring. 


The adapter detected a loss of signal on the ring. 


The adapter sensed that it is the only 
station on the ring. 


The adapter transmitted a report error 
MAC frame. 


The adapter is transmitting beacon 
frames on the ring. 


The number of milliseconds that elapse from the time the adapter 
detects a soft error until it sends a report error MAC frame to the ring 


error monitor. 
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Token ring chip 


The type of chip used by the sending station. 


Transmit access priority 


The priority level at which this station can access the ring. This field 
can have a value from 0 (lowest priority) to 7 (highest priority). 


Upstream neighbor address 


The address of the upstream station. 


Upstream physical drop number 


The location of the upstream station. 
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Writing Automount and AutoFS Maps 


There are three types of Automount or AutoFS maps: 


e Master 
¢ Direct 
e¢ Indirect 


The maps can be written in a variety of ways. They can be simple or can use 
multiple mounts, shared mounts, replicated file systems, or any combination 
of the three. As discussed in Section B.1, indirect maps can be written to 
reduce redundancy by using substitution characters and pattern matching. 
The examples in this section illustrate how the same maps can be rewritten 
in a number of ways. 


Figure B-1 illustrates an auto.master map that points to the 
/etc/auto.direct direct map, the built-in -hosts map, and the 
/etc/auto.home indirect map. Each map to which the auto. master 
map points is expanded to show its sample contents. Note that all of 

the information contained in the master map can be specified on the 
command line. The master map, however, simplifies Automount and AutoFS 
administration. 
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Figure B—1: Sample automount Maps 


# auto.master 
/- /etc/auto.direct 
/net -hosts 


/home /etc/auto.home 


/etc/auto.direct: 


/mnt /mytmp june:/usr/staff/jones/tmp 
/mnt/mynotes june:/usr/staff/jones/notes 
/usr/arch -ro chester: /usr/arch 


-hosts: 
a special 
automount map 


/etc/auto.home: 


host1:/usr/staff/userl 
host2:/usr/staff/user2 
host2:/usr/staff/user3 


host2:/usr/staff/user4 
host3:/usr/staff/user5 


ZK-0464U-Al 


The following examples show how the /etc/auto.direct map in 

Figure B-1 can be rewritten using multiple mounts (Example B-1); multiple 
mounts and shared mounts (Example B-2); and multiple mounts, shared 
mounts, and replicated file systems (Example B-3). 


Example B-1: Multiple Mounts in a Direct Map 


/mnt /mytmp june: /usr/staff/jones/tmp 
/mnt/mynotes june:/usr/staff/jones/notes 
/usr/arch vA -ro chester:/usr/arch \ 
/osd -ro chester:/usr/arch/bsd \ 
/standards -ro chester:/usr/arch/standards \ 
/dec/uws -ro chester:/usr/arch/dec/uws \ 
/dec/ultrix -ro chester: /usr/arch/dec/ultrix 
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Example B-2: Multiple Mounts and Shared Mounts in a Direct Map 


/mnt /mytmp june: /usr/staff/jones:tmp 
/mnt/mynotes june: /usr/staff/jones:notes 
/usr/arch J —ro chester:/usr/arch \ 
/bsd —-ro chester:/usr/arch/bsd \ 
/standards —ro chester:/usr/arch/standards \ 
/dec/uws —ro chester:/usr/arch/dec/uws \ 
/dec/ultrix -ro chester: /usr/arch/dec/ultrix 


Example B-3: Multiple Mounts, Shared Mounts, and Replicated File 
Systems in a Direct Map 


/mnt /mytmp june: /usr/staff/jones: tmp 
/mnt/mynotes june: /usr/staff/jones:notes 
/usr/arch / -ro chester:/usr/arch \ 
/osd -ro chester:/usr/arch/bsd \ 
bazel:/src/bsd \ 
/standards -—ro chester:/usr/arch/standards \ 
/dec/uws -ro chester: /usr/arch/dec/uws \ 
fiesta: /archive/uws\ 
/dec/ultrix -ro chester: /usr/arch/dec/ultrix 


The /etc/auto.direct maps in the preceding examples could be rewritten 
as indirect maps. If the /etc/auto.direct map is rewritten to bean 
indirect map, the entry pointing toit in the auto.master map would look 
like the following: 


/mnt /etc/auto.indirect 


Rewritten as a simple indirect map (/etc/auto.indirect), the 
/etc/auto.direct map in Figure B-1 would read as shown in 
Example B-4. 


Example B—4: Simple Indirect Map 


mytmp june: /usr/staff/jones/tmp 
mynotes june: /usr/staff/jones/notes 
arch -ro chester: /usr/arch 


Note that the key is a simple pathname. 


The following examples illustrate that indirect maps can also be rewritten 
using multiple mounts (Example B-5); multiple mounts and shared mounts 
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(Example B-6); and multiple mounts, shared mounts, and replicated file 
systems (Example B- 7). 


Example B—5: Multiple Mounts in an Indirect Map 


mytmp june: /usr/staff/jones/tmp 
mynotes june: /usr/staff/jones/notes 
arch / —-ro chester:/usr/arch \ 
/osd —ro chester:/usr/arch/bsd \ 
/standards —-ro chester:/usr/arch/standards \ 
/dec/uws -ro chester:/usr/arch/dec/uws \ 
/dec/ultrix -ro chester: /usr/arch/dec/ultrix 


Example B-6: Multiple Mounts and Shared Mounts in an Indirect Map 


mytmp june: /usr/staff/jones: tmp 
mynotes june: /usr/staff/jones:notes 
arch / -ro chester:/usr/arch \ 
/osd -ro chester:/usr/arch/bsd \ 
/standards —ro chester:/usr/arch/standards \ 
/dec/uws —ro chester:/usr/arch/dec/uws \ 
/dec/ultrix —-ro chester: /usr/arch/dec/ultrix 


Example B—7: Multiple Mounts, Shared Mounts, and Replicated File 
Systems in an Indirect Map 


mytmp june: /usr/staff/jones: tmp 
mynotes june: /usr/staff/jones:notes 
arch / —-ro chester:/usr/arch \ 
/bosd -ro chester:/usr/arch/bsd \ 
bazel:/src/bsd \ 
/standards -ro chester:/usr/arch/standards \ 
/dec/uws -ro chester:/usr/arch/dec/uws \ 
fiesta: /archive/uws\ 
/dec/ultrix —-ro chester: /usr/arch/dec/ultrix 


The-hosts map is a built-in map supplied by Automount and AutoF S. 
This map allows a client to access directories that are exported from any 
host in its hosts database. The location of the hosts database that your 
system uses is determined by the services running on your system (DNS, 
NIS, local) and how those services are specified in the /etc/svc.conf file 
References to a particular host name result in all of the file systems that are 
exported from that host being mounted on the local system. F or example, 
the following command results in all of the file systems that are exported 
from host1 being mounted on the local system: 
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# cd /net/host1l 


The /etc/auto.home map shown in Figure B-1 is an indirect map that 
allows users to remotely mount their home directories. It can be rewritten 
using the ampersand (&) and asterisk (*) substitution characters. 


The following example shows how the /etc/auto.home map in Figure B-1 
can be rewritten using ampersands (&): 


userl hosti1:/usr/staff/& 
user2 host2:/usr/staff/& 
user3 host2:/usr/staff/& 
user4 host2:/usr/staff/& 
user5 host3:/usr/staff/& 


B.1 Substitution and Pattern Matching 


Both the automount and autofsmount commands recognize the following 
substitution characters, allowing you to eliminate redundancy within maps: 


« The ampersand (&) can be used in both direct and indirect maps; 
however, it is most efficient and easily understood when used in indirect 
maps. 


e« Theasterisk (*) can be used in indirect maps only. 
Because the ampersand and asterisk are most easily used in indirect maps, 


this section discusses them in the context of indirect maps only. Recall that 
lines in indirect maps have the following syntax: 


key mount -options location 


Whenever the automount or autofsmount commands encounter an 
ampersand (&) in a line of an indirect map, they substitute the key in that 
line for the ampersand (&). 


The following example is an indirect map that does not use ampersands: 


#key mount -options location 

# 

host1 -rw,nosuid host1:/home/host1 
host2 -rw,nosuid host2: /home/host2 


Using the ampersand (&) as a substitution character, the entries read as 


follows: 

#key mount -options location 
# 

hostl -rw,nosuid &:/home/& 
host2 -rw,nosuid &:/home/& 


You can use the asterisk (*) to substitute for lines that are all formatted 
similarly. Both daemons use the asterisk to match any host not listed as a 
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key in an entry before the asterisk. The following example shows how the 
asterisk (*) is typically used: 


#key mount -options location 
# 

hostl -—rw,nosuid &: /home/& 
host2 -rw,nosuid &:/home/& 

* -rw,nosuid &:/home/& 


Suppose a user enters the following command: 


% 1s /home/host5 


Either daemon recognizes the host name, host5, as the key and substitutes 
host5 for each of the ampersands in the location field. The map is 
interpreted as follows for host5: 


#key mount -options location 

# 

host5 -rw,nosuid host5:/home/host5 
Note 


The automount and autofsmount commands ignore any entry 
that follows an asterisk. 


B.2 Environment Variables 


You can use the value of an environment variable in a map by adding a 
dollar sign ($) prefix to its name. You also can use braces ({}) to delimit the 
name of the variable from appended letters or digits. 


Environment variables can be inherited from the environment or can be 
defined explicitly with the -D option on the command line. For example, you 
can invoke the automount daemon with the HosT variable by entering the 
following command: 


# automount —D HOST=hostname 


To define the same variable for the autofsd daemon, enter the following 
command: 


# autofsd —D HOST=hostname 


The following is an example of a direct map entry that uses the environment 
variable HOST to define subnetworks: 


/mydir —-rw server: /export/SHOST 
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B.3 Mounting File Systems 
Automount and AutoFS provide several ways to mount remote directories 
and file systems: 
e« Multiple mounts 
e Shared mounts 
¢ Replicated file systems 


B.3.1 Multiple Mounts 


When you write direct and indirect maps, you can specify that different 
directories within a file system hierarchy be mounted from different servers. 
For example, if you mount the /usr/local file system on your machine, 
you can mount the various subdirectories within /usr/local from different 
servers. 


The following example shows an entry in a direct map in which the 
directories /usr/local/bin, /usr/local/sre, and /usr/local/tools 
are mounted from the machines host1, host2, and host3, respectively: 


/usr/local\ 
/bin -ro host1:/usr/local/bin \ 
/srce -ro host2:/usr/local/sre \ 
/tools -ro host3:/usr/local/tools 


This is a direct map because the key, /usr/local, is an absolute 
pathname. If this were an entry in an indirect map, the key would bea 
simple pathname, such as local. Thekey, /usr/local, comprises three 
subdirectories, each of which is a mount point for a remote directory on a 
different remote server. The example shows the entry split into four lines 
with the continuation lines indented for readability. 


The preceding example shows multiple, nonhierarchical mounts under 
/usr/local. The following example shows a true hierarchical entry: 


/usr/local \ 


/ -ro host0:/usr/local \ 

/bin —-ro host1:/usr/local/bin \ 
/src —-ro host2:/usr/local/sre \ 
/tools -ro host3:/usr/local/tools 


The mount points used here for the hierarchy are /, /bin, /src, and 
/tools. Note that these mount points are relative to /usr/local. The 
mount point / mounts /usr/local from host0. 


When file systems are mounted hierarchically, the entire hierarchy is treated 
as one object. Each file system is mounted on a subdirectory within another 
file system, and when a subdirectory within the hierarchy is referenced, 
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the daemon mounts the entire hierarchy. The entire hierarchy is also 
unmounted as one object. The only exception is specific to AutoFS. 


Likethe automount daemon, the autofsd daemon creates symboliclinks for 
file systems that are served locally. But if the autofsd daemon encounters 
an entry in a list of hierarchical file systems that is served locally and would 
result in a circular symbolic link on the local system (for example, a link from 
the /usr/local/bin directory back to itself), the group semantic is lost. 
AutoF S will mount and unmount the file systems on an individual basis. 


This happens because AutoF S is designed to mount a remote file system on 
(or create a symbolic link to) the designated mount point itself. It does not, 
as Automount does, create an additional symbolic link back to a special 
/tmp_mnt directory from which the remote file system is actually served. 


B.3.2 Shared Mounts 


When multiple directories within the same remote directory are mounted, 
the location field can be specified as follows: 


host :path: subdir 


Note 


AutoFS does not support this syntax. If the autofsmount 
command encounters this syntax, it converts the final colon (:) to 
a slash (/) and treats the entry as atypical AutoFS mount. 


The host field is the remote host from which to mount the file system. The 
path field is the pathname of the directory to mount, and the subdir field, 
if specified, is the name of the subdirectory to which the symbolic link is 
made. This prevents duplicate mounts of the same remote file system when 
multiple subdirectories within it are accessed. 


Suppose an indirect map called /auto.myindirect is specified in a master 
file as follows: 


/mydir /auto.myindirect 
And the /auto.myindirect map consists of the following entries: 


mybin host1:/usr/staff/diane:bin 
mystuff host1:/usr/staff/diane: stuff 


When a user accesses a filein /mydir/mybin, the automount daemon 
mounts host1:/usr/staff/diane, but creates a symbolic link called 
/mydir/mybin to the bin subdirectory in the temporarily mounted file 
system. If a user immediately tries to access a filein /mydir/mystuff, the 
automount daemon needs only to create a symbolic link that points to the 
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stuff subdirectory because the /usr/staff/diane directory is already 
mounted. With the following map, the daemon would perform two separate 
mount operations: 


mybin host1:/usr/staff/diane/bin 
mystuff host1:/usr/staff/diane/stuff 


B.3.3 Replicated File Systems 


You can specify multiple locations for a single mount. If a file system is 
located on several servers and one of the servers is disabled, the file system 
can be mounted from one of the other servers. This makes sense only when 
mounting a read-only file system. 


In the following example, the reference pages can be mounted from host1, 
machine2, or system3: 


/usr/man\ 
-ro, soft host1:/usr/man \ 
machine2:/usr/man \ 
system3:/usr/man 


The preceding example can also be expressed as a list of servers, separated 
by commas and followed by a colon and the pathname, for example: 


/usr/man -ro,soft host1,machine2,system3:/usr/man 


This syntax is valid only if the pathname is the same on each server. 


When you access the reference pages, the automount daemon issues a ping 
(NFS v2 loop request) to each of the specified servers concurrently. The 
server that first responds to the ping request is used for the mount. In 
contrast, the autofsd daemon first checks to see if the file system can be 
served locally. If so, the daemon uses a symbolic link to access the resource. 
If not, it selects the first server on the list that responds toa mount request. 
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NIS ypservers Update Scripts 


This appendix provides the following scripts for updating the ypservers 
map: 


addypserver — Adds a Slave server 
rmypserver — Removes a slave server 


C.1 Add Slave Server Script 


Use the following procedure to create the addypserver script on an NIS 
master server: 


1. 


Create an addypserver filein the /var/yp directory and insert the 
following lines. Where method appears, specify the format in which the 
map is to be stored: 


#!/bin/sh 
PATH="/usr/bin:/var/yp:$PATH" 
if’ [| s# 1] 1, ‘)>- then 
echo "usage: $0 server"; exit 1 
£4: 
DOMAIN=‘/usr/sbin/remgr get NIS DOMAIN‘ 
cd /var/yp 
echo " 


Adding $1 to ypservers map for domain DOMAIN ..." 
(/var/yp/makedbm -u $DOMAIN/ypservers; \ 

echo $1 $1) | /var/yp/makedbm -a method tmpmap 
mv tmpmap.dir SDOMAIN/ypservers.dir 

mv tmpmap.pag $SDOMAIN/ypservers.pag 

yppush ypservers 


Set the permissions to 700, using the chmod command as follows: 


# chmod 700 /var/yp/addypserver 


To add host1 tothe ypservers map, enter the following command: 


# /var/yp/addypserver hostl 


You still need to edit the NIS master server’s master hosts file and add an 
entry for the slave server, if it is not already in the hosts file. Then, update 
and distribute the map by entering the make command. See Section 9.4.1 
for more information. 
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C.2 Remove Slave Server Script 


Use the following procedure to create the rmypserver script on an NIS 
master server: 


1. Createa rmypserver file in the /var/yp directory and insert the 
following lines. Where method appears, specify the format in which the 
map is to be stored: 


#!/bin/sh 
PATH="/usr/bin:/var/yp:$PATH" 
if [ S# != 1]; then 
echo "usage: $0 server"; exit 1 
fi 
DOMAIN=‘/usr/sbin/remgr get NIS DOMAIN‘ 
cd /var/yp 
echo " 


Removing $1 from ypservers map for domain DOMAIN ..." 
/var/yp/makedbm -u $DOMAIN/ypservers | grep -v $1 \ 

| /var/yp/makedbm -a method tmpmap 

mv tmpmap.dir $DOMAIN/ypservers.dir 

mv tmpmap.pag $DOMAIN/ypservers.pag 

yppush ypservers 


2. Set the permissions to 700, using the chmod command as follows: 


# chmod 700 /var/yp/rmypserver 


To remove host1 from the ypservers map, enter the following command: 


# /var/yp/rmypserver hostl 
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NFS Error Messages 


You might see the following types of NFS error messages: 
e Server error messages 
¢ Client error messages 


D.1 Server Error Messages 


The following error messages are issued to the screen or console or sent to 
the syslogd daemon. 


authget: unknown authflavor n 
authflavor 


Explanation: Each NFS request has an authentication type. This 
message is displayed if the type is not AUTH_UNIX. 


User Action: Have the client application use the AUTH_UNIX 
authentication type. 


fh3tovp: bad length: n 


Explanation: A client sent a bad file handle to the server. 


NFS request from unprivileged port, source IP address = n 


Explanation: The server, performing NFS server port monitoring, 
received an NFS request from a nonprivileged port (greater than or 
equal to 1024) on a client. This might indicate a security problem. 


NFS server: fs(n,n) not mounted; client address = n.n.n.n 


Explanation: The client requested a file on a file system that is not 
mounted or does not exist on the server. This can occur if a file system 
is unmounted while clients are using it or if the client passed an 
invalid file handle. 


User Action: Make sure that the appropriate file system is mounted 
on the NFS server. If the file system is mounted on the same device, 
have the client system retry the operation. If the file system is mounted 
on a different device, have the client system unmount and remount the 
remote file system. 
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NFS 


server: stale file handle fs(n,n) file file gen n, 


client address = n.n.n.nerrno n 


NFS 


Sr dds. 


rfs_ 


rfs 
ret 


rfs 


ris | 


too 


Explanation: The client accessed a file that no longer exists. The file 
was deleted either by the server or by another client. 


server: unexported fs(n,n) file file, client address 
n.n.n 


Explanation: A client that previously had access to a file system 
can no longer access the file system, either because of changes in the 
/etc/exports file or in the net group mapping. 


User Action: Have the client system unmount the file system. 


dispatch botch 
Explanation: The duplicate request cache routine returned an illegal 
value. 


dispatch: bad rfs reply n 


Explanation: A server routine did not return a value or returned 
an incorrect value. 


dispatch: dispatch error, no reply 
dispatch: sendreply failed 


Explanation: Possible reasons for this message include the following: 


e« Theserver is out of memory and cannot process or reply toa 
request. 


e« Theserver cannot find a route to the source. 
¢« Thereis some other network-related problem. 


many nfsds 


Explanation: There are more nfsd daemons registered with NFS 
than were started. 


D.2 Client Error Messages 


This appendix provides an explanation and suggested user actions for the 
following classes of client error messages: 


¢ Remote mount error messages 


e Automount error messages 


e AutoFS error messages 


* Console error messages 
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Within each section, error messages are listed alphabetically. 


D.2.1 Remote Mount Error Messages 


The following error messages are displayed if you are mounting directories 
or file systems from remote systems: 


mount: unknown special file or file system xxx 


Explanation: There is no entry in the /etc/fstab file for the mount 
point that you specified in the mount command line. 


User Action: Verify that there is an entry in the /etc/fstab file for 
the file system. If not, add an entry. If one exists, look for syntax errors 
or typos in the entry. See fstab(4). 


/etc/fstab: No such file or directory 


Explanation: The /etc/fstab file does not exist. The mount 
command discovered this when it tried to look up the name specified on 
the command line. 


User Action: Create an /etc/fstab file and indlude the appropriate 
entries. See fstab(4). 


nfs mount: Permission denied for yyy 


Explanation: Your host name is not in the export list for the file 
system or directory you want to mount from the server. 


User Action: 


1. Geta list of your host’s exported file systems and directories 
by using the showmount —e command. For example, enter the 
following command if your server’s host name is host2: 


# /usr/bin/showmount -e host2 


2. Ifthe file system or directory you want to mount remotely is not on 
the list, or if your host or network group name is not on the user 
list for the file system or directory, log in to the server and look in 
the /etc/exports file for the correct file system entry. 


3. Ifthe file system or directory nameisin the /etc/exports file, 
but not in the output from showmount, the failureisin the mountd 
daemon. The mountd daemon could not parse that line in the file, 
could not find the file system or directory, or the file system or 
directory name was not a locally mounted file system. 


If the file system or directory nameis inthe /etc/exports file 
and Network Information Service (NIS) is configured, verify 
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that the ypbind daemon is running; it might have stopped. See 
exports(4) for further information. 


nfs mount: cannot mount xxxon yyy: Mount device busy 
Explanation: The file system or directory you are trying to mount 


is already mounted. 


nfs mount: cannot mount xxxon yyy: No such file or 
directory 


Explanation: The local mount point does not exist. 
User Action: Verify that the mount point exists and that it is spelled 
correctly. 

nfs mount: cannot mount xxxon file: Not a directory 


Explanation: Either the remote file system or the local mount point is 
not a directory. 


User Action: Verify that the remote file system and the local mount 
point are directories (not files) by using the 1s command. Verify the 
spelling of both directories. 

nfs mount: cannot mount xxxon yyy: Not owner 
Explanation: You must mount the remote file system or directory as 
superuser (root) on your system. 


nfs mount: illegal file system name xxx; use host:pathname 


Explanation: You did not specify the name of the server when you 
issued the mount command. 


User Action: F or example, to mount the file system /usr/src from 
the server host2, enter the following command: 


# mount host2:/usr/sre /host2/usr/sre 


nfs mount: invalid directory name xxx 
diréctory pathname must begin with ‘/’. 


Explanation: The mount point on the local (client) system must be an 
absolute path starting at the root directory (/). 


nfs mount: RPC: Authentication error; 
why=Client credential too weak 


Explanation: The server is allowing client superuser mounts only and 
you are not a superuser. See mount d(8) for further information. 
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nfs mount: RPC: Authentication error; 
why=Server rejected credential 


Explanation: Possible reasons for this error message include the 
following: 


The server is running with Internet address verification turned on 
and it cannot resolve your Internet address. If your system has 
multiple network interfaces configured, the server must be able to 
resolve all IP addresses, either using the local /etc/hosts file 
or the distributed hosts file. 


The server is running with domain or subdomain verification 
turned on and your system is not in the same domain or subdomain 
as the server. 


See mount d(8) for further information. 


nfs mount: xxx server not responding: port mapper failure 
rpc timed out Giving up on yyy 


Explanation: The server you are trying to mount from is down, or its 
port mapper is inoperative. 


User Action: 


1. 


Log in remotely tothe server. If you are able to log in, the network 
is working. 


Execute the rpcinfo command from the server. For example, for 
a server named host2, you would enter the following command: 


# /usr/sbin/rpcinfo -—p host2 


If the port mapper is running properly on the server, the rpcinfo 
command lists the registered program numbers. If it does not, 
restart the port mapper on the server. You also need a port mapper 
running on the client host; if it is not running there, start it. See 
portmap(8) for more information. 


After you restart the port mapper, stop the NFS daemons by 
entering the following command: 


# /sbin/init.d/nfs stop 


If NIS is running, stop the ypbind daemon on the server. Use 
the ps command to obtain the process ID (PID) and the kill 
command to stop the process: 


# ps -A | grep ypbind 

439 ?? I 0:00.02 /usr/sbin/ypbind ... 
170866 pts/3 S + 0:00.01 grep ypbind 
# kill -9 439 
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4. If you stopped the ypbind daemon, restart it by entering the 
following command: 


# /usr/sbin/ypbind & 


Restart the NFS daemons on the server by entering the following 
command: 


# /sbin/init.d/nfs start 


nfs mount: xxx server not responding: rpc prog not 
registered 


Explanation: The mount command got through to the port mapper, 
but the NFS mountd daemon was not registered. 


User Action: 


1. Login to the server. 


2. Verify that the /usr/sbin/mountd file exists by using the 1s 
command. 


3. Runtheps command tosee if the mountd daemon is running. If it 
is not running, restart it by entering the following command: 


# /usr/sbin/mountd 


Can’t get net id for host 


Explanation: Thereis no entry in the /etc/hosts file for the NFS 
server specified in the mount command line. If NIS is running, there 
is noentry in the hosts NIS map for the host name specified. If 
BIND is running, there is no entry in the hosts database for the host 
name specified. 


D.2.2 Automount Error Messages 
The following error messages are issued to the screen or console or sent to 
the syslogd daemon by the automount program: 


bad entry in map mapname 


Explanation: The map entry in mapname is malformed and the 
automount program cannot interpret it. 


User Action: Verify the entry; you might need to include escape 
characters. 


Can’t mount mountpoint: reason 


Explanation: The automount program cannot mount itself at 
mountpoint. Theerror is indicated in the reason statement. 
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couldn’t create directory: reason 


Explanation: The automount program could not create a directory. 
The error is indicated in the reason statement. 


dir mountpoint must start with ‘/’ 
Explanation: The mountpoint must havea full pathname. 
User Action: Verify both the spelling and path name of the mount 
point. 

hierarchical mountpoint: mountpoint 


Explanation: The automount program will not allow itself to be 
mounted within an automounted directory. 


User Action: Use another strategy to mount the directory. 


host hostname not responding 


Explanation: The automount program attempted to mount from 
hostname but received no response or failed. These errors could 
indicate a server or network problem. 


hostname: filesystemserver not responding 


Explanation: The automount program attempted to mount from 
hostname but received no response or failed. These errors could 
indicate a server or network problem. 


hostname: exports: roc_err 


Explanation: The automount program encountered an error while 


attempting to get the list of exported file systems and directories that it 


is allowed to mount from hostname. 


This error occurs when a user attempts to access a mount point that 
has the -hosts map associated with it. This error indicates a server 
or network problem. 


hostname: filesystemalready mounted on mountpoint 


Explanation: The automount program is attempting to mount a file 
system on a mount point that has already been mounted with that 
file system. 


map mapname, key key: bad 


Explanation: The map entry in mapname is malformed and the 
automount program cannot interpret it. 
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User Action: Verify the entry; you might need to include escape 
characters. 
mapname: Not found 
Explanation: The automount program cannot locate the map it 
requires. This message is returned only when you specify the—v option. 
mapname: yp_err 


Explanation: The automount program encountered an error when 
looking up an NIS map entry. 


Mount of hostname:filesystem on mountpoint: reason 


Explanation: The automount program attempted to mount from 
hostname but received no response or failed. These errors could 
indicate a server or network problem. 


mountpoint: Not a directory 


Explanation: The mountpoint exists but is not a directory. 


User Action: Verify both the spelling and pathname of the mount 
point. 


mountpoint-— pathname from hostname: absolute symbolic link 


Explanation: The automount program detected that mountpoint 
is an absolute symbolic link (begins with /). The content of the link is 
pathname. Because this might have undesired consequences on the 
client, the automount program will not mount on absolute symbolic 
links. 


no mount maps specified 


Explanation: The automount program cannot find any maps to 
serve, nor can it find any NIS maps. This message is returned only 
when you specify the —v option. 


WARNING: hostname:file system already mounted on mountpoint 
Explanation: The automount program is mounting itself on top of an 
existing mount point. This message is a warning only. 

WARNING: mountpoint not empty! 


Explanation: The mountpoint directory is not empty. This message 
is returned only when you specify the —v option. It is warning you that 
the previous contents of mountpoint will not be accessible while the 
mount is in effect. 
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The following error messages can occur when a file system is exported from 
multiple servers as specified in a multiple-server map entry. They indicate 
possible network problems that can occur when the automount daemon 
requests a response from the servers. 


Cannot create socket for broadcast rpc: srpc_err 
Explanation: No server in a multipleserver map entry is responding. 


This indicates that the replicated file system could not be reached 
on any of the specified servers. 


Cannot receive reply to many_cast: rpc_err 


Explanation: No server in a multipleserver map entry is responding. 
This indicates that the replicated file system could not be reached 
on any of the specified servers. 


Cannot send broadcast packet: rpc_err 


Explanation: No server in a multiple-server map entry is responding. 
This indicates that the replicated file system could not be reached 
on any of the specified servers. 


Many_cast select problem: rpc_err 


Explanation: Noserver in a multiple-server map entry is responding. 
This indicates that the replicated file system could not be reached 
on any of the specified servers. 


NFS server (pid n@mountpoint)not responding still trying 


Explanation: An NFS request to the automount daemon with PID n 
serving mount point has timed out. The automount daemon might be 
overloaded or not running. 


User Action: |f the condition persists, reboot the client. You can also 

do the following: 

1. Exit all processes that are using automounted directories. 

2. Kill the current automount process. 

3. Restart the automount process from the command line. 
Remount hostname:filesystemon mountpoint server not 
responding 


Explanation: The automount program was attempting to remount 
filesystem because it discovered that a part of the automounted 
hierarchy at the mountpoint was busy. The remote file system’s 
server, hostname, did not respond to the mount request. This error 
indicates a server problem. 
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trymany: servers not responding: reason 


Explanation: No server in a multiple-server map entry is responding. 
This indicates that the replicated file system could not be reached 
on any of the specified servers. 


D.2.3  AutoFS Error Messages 


The following sections describe error messages for the two components of 
AutoF S: the autofsd daemon and the autofsmount command. 


D.2.3.1 autofsd Messages 
The following error messages are issued to the screen or console or sent to 
the syslogd daemon by the autosfd program: 
autofs not configured 
Explanation: AutoFS is not properly configured in the kernel. 


User Action: |f necessary, add the AUTOFS option to the 

kernel configuration file and rebuild the kernel. See the System 
Administration for more information on modifying and rebuilding the 
kernel. 


autofsd: Entire cluster not up to same version 


Explanation: All of the nodes in the TruCluster Server cluster are not 
running the same version of the operating system. 


User Action: | nstall the same version of the operating system, Version 
5.1 or higher, on all nodes. 
Cannot create socket for nfs: reason 


Explanation: Network socket creation failed due to reason. 


can’t mount hostname 


Explanation: A mount request was rejected by the mountd daemon 
on hostname. This error usually indicates a permissions problem or 
that the file system does not exist. 


User Action: Verify the export permissions in the /etc/exports file 
on the server and verify that the file system exists. 


Can‘ t ping mountd version NFS-version at server hostname 


Explanation: The autofsd daemon attempted to communicate with 
the mountd daemon on the hostname server, but received no response. 
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User Action: Verify the status of the network and verify that the 
server is properly configured and running NFS services. 


cfg subsys state returned errorcode 


Explanation: AutoFS is not properly configured in the kernel. 


User Action: If necessary, add the AUTOFS option to the 

kernel configuration file and rebuild the kernel. See the Systen 
Administration for more information on modifying and rebuilding the 
kernel. 


host hostname not responding 


Explanation: The autofsd daemon attempted to mount from 
hostname but it received no response or the request failed. These 
errors could indicate a server or network problem. 


User Action: Verify the status of the network and verify that the 
server is properly configured and running NFS services. 


hostname exports: rpc_err 


Explanation: The autofsd daemon encountered an error while 
attempting to get the list of exported file systems and directories that 
is allowed to mount from hostname. This occurs during attempted 
access toa mount point with the -hosts map. It indicates a server 
or network problem. 

User Action: Verify the status of the network and verify that the 
server is properly configured and running NFS services. 


hostname: mountd not responding reason 


Explanation: The autofsd daemon attempted to communicate with 
the mountd daemon on the hostname server, but received no response. 


User Action: Verify the status of the network and verify that the 
server is properly configured and running NFS services. 


hostname: server's portmap not responding 


Explanation: The autofsd daemon attempted to communicate 
with the portmap daemon on the hostname server, but received no 
response. 

User Action: Verify the status of the network and verify that the 
server is properly configured and running NFS services. 
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lookup_addr: gethostbyname failed error for hostname 


Explanation: The autofsd daemon was unable to obtain a network 
address for the named host. 


User Action: Verify the address for the host in the local hosts file 
and the DNS or NIS database. Verify that the DNS or NIS server 
is up and running. 


match mapname:keyname failed: reason 


Explanation: The autofsd daemon is having a problem reading the 
map file mapname tofind key keyname. The error is indicated in the 
reason statement. 


Mount of hostname:filesystem on mountpoint: reason 


Explanation: The autofsd daemon attempted to mount from 
hostname, but it received no response or the request failed. These 
errors could indicate a server or network problem. 


User Action: Verify the status of the network and verify that the 
server is properly configured and running NFS services. 


Unable to locally serve filesystem 


Explanation: Locally serving the file system would result in a circular 
symbolic link. 


User Action: Choose a different mount point for the file system, or 
specify a different host to serve the file system. 


D.2.3.2 autofsmount Messages 
autofs is not configured or not enabled 
Explanation: AutoFS is not properly configured in the kernel. 


User Action: If necessary, add the AUTOFsS option to the 

kernel configuration file and rebuild the kernel. See the System 
Administration for more information on modifying and rebuilding the 
kernel. 


Cluster nodes not all at same version 


Explanation: All of the nodes in the TruCluster Server cluster are not 
running the same version of the operating system. 


User Action: | nstall the same version of the operating system, Version 
5.1 or higher, on all nodes. 
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Intercept filesystem mount failed: reason 


Explanation: The attempt to create an intercept mount point for 
filesystem has failed dueto reason. The autofsmount command 
issues this error message for direct map entries, and when running in 
verbose mode, for indirect map entries as well. 


Map mapname does not exist 


Explanation: The autofsmount command could not find the specified 
direct or indirect map file. 


User Action: Ensure that you have specified the proper location for 
the map files on the command line or in your master map file. 


Note: Indirect entry in map mapname with key keyname 
cannot be locally served with the mounton and mountfrom 
directories as defined. 


Explanation: An external server will be chosen to avoid a circular 
symbolic link. 


Note: The hierarchical entry in map mapname for keyname 
cannot be served locally 
Explanation: An external server will be chosen to avoid a circular 
symbolic link. 


Note: The shared map entry in map mapname with key keyname 
will be converted to a non-shared entry 
Explanation: AutoFS does not support the shared mount syntax of 
Automount. It converts all shared map entries to their non-shared 
counterparts. 


Unmount filesystem: reason 


Explanation: An attempt to unmount filesystem has failed with 
reason. 


Warning: Cannot support the hierarchy in map mapname with 
pe keyname with the mounton and mountfrom directories as 
defined. 


Explanation: The hierarchical direct map entry for subdirectory / 
cannot be supported, as no external servers are listed and locally 
serving it would create a circular symboliclink. The file systems in the 
map entry will be treated as though they are individual map entries. 


User Action: Specify an external server or change the key and/or the 
location of the file system in question to avoid a circular symoblic link. 
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Warning: Skipping entry in map mapname with key keyname 


Explanation: The file system will be locally served. No intercept 
mount point will be created, only a symbolic link. 


Warning: The hierarchical entry in map mapname for keyname 
will not work. 


Explanation: A hierarchical direct map entry for some subdirectory 
other than / cannot be supported, as no external servers are listed 
and locally serving it would create a circular symbolic link. The file 
systems in the map entry will be treated as though they are individual 
map entries. 


User Action: Specify an external server or change the key and/or the 
location of the file system in question to avoid a circular symoblic link. 


Warning: There are no servers available for this entry 


Explanation: |n the context of previous messages for this map entry, 
this error message indicates that locally serving the file system would 
create a circular symbolic link, and no external servers are specified. 


User Action: Specify an external server or change the key and/or the 
location of the file system in question to avoid a circular symoblic link. 


D.2.4 Console Error Messages 


The following error messages might be displayed on the NFS client system 
console and in the error logger. They note an NFS file access failure. 


NFS 


NFS 


NFS 


NFS 


server hostname not responding, still trying 


Explanation: File operations in a hard-mounted file system are 
suspended because communication between the client and the server 
has stopped. 


server hostname ok 


Explanation: File operations have resumed. 


file operation failed for server hostname: reason 


Explanation: If the operation is in a soft-mounted file system and the 
server is inoperable, the reason for the failure is that the operation 
timed out. 


write error, server hostname, remote file system full 


Explanation: A write operation failed because the remote file system 
is full. 
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NFS write error errno, server hostname, fs(n,n), file file 


Explanation: A write operation was refused by the server. The fs 
and file variables are parts of the file handle (fhandle). See errno(2) 
for a description of write errors. 
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E 


uucp Messages 


This appendix provides a description and suggested user actions for the 
following uucp messages: 


e Status and log file messages 
e tip error messages 


E.1 Status and Log File Messages 
The messages in this section might appear in uucp status or log files. Use 
the uulog or uustat Command to See the status messages. 
ASSERT ERROR 
An ASSERT error occurred, indicating a condition that only a 


system manager can solve. ASSERT errors are stored in the 
/usr/spool/uucp/.Admin/errors file and have the following form: 


ASSERT ERROR (prog)pid: xxxx (date/time) error error-location 


The variables have the following meaning: 


prog Name of the program generating the error. 

XXXK Process ID (PID) of the program. 

date/time Data and time when the error occurred. 

error A message describing the error. The message might 


include arguments. If there is a value contained 
in parentheses following the message, this value 
is often the error number (errno). 


error-location Nameand version of the source file and the line in 
the file where the error occurred. 


Table E-1 lists the ASSERT error messages. 
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Table E-1: ASSERT Error Messages 


Error Message 


Explanation and User Action 


BAD LINE line (num) 


BAD LOGIN UID (-1) 
BAD UID (-1) 
CAN NOT FIND UID (num) 


BAD SPEED (num) 


CAN'T CHDIR dir (num) 


CAN'T CLOSE file (num) 


CAN'T CREATE file (num) 


CAN’T LINK file (num) 


CAN'T LOCK LCK.SQ. sys (0) 
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The /usr/lib/uucp/Devices file has 
a bad line: Zine is the bad line and num 
is the number of fields found in the line. 


Correct the entry in the file. See 
Devices(4) for information on 
the file entries. 


The user |D used by the process is not 
currently logged in and is not defined in 
the /etc/passwd file or the networks 
database, if using NIS. 


Check your user ID by using the id 
command, and change the entry in the 
/etc/passwad file or the networks 
database, if using NIS. 


An unsupported baud rate (num) 
was specified. 


Check the command arguments or uucp 
configuration files. Then run uucpsetup 
to change the baud rate. 


A command to change to directory dir 
failed with errno num. The uucp program 
required read access to the directory. 


Check the permissions on the directory. 
If the directory does not exist, check the 
permissions on the spool directory. 


Could not close file with errno num. 


Could not open file with errno num. 
The uucep program needs write access 
to the file or directory. 


Check the permissions on the file 
and directory. 


Could not link a source file to the 
work file file in the uucp spool 
directory with errno num. 


Check the spool directory permissions. 


Could not lock the 
/var/spool/locks/LCK.SQ. 
sys file for system sys. 


Check the time and permissions on the 
file. If it is old, delete the file. 
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Error Message 


Explanation and User Action 


CAN'T OP 


EN file (num) 


CAN'T STAT file (num) 


CAN'T UNLINK file (num) 


CAN'T WRITE file (num) 


FILE EXISTS file (num) 


No uucp server (0) 


SYSLST OVERFLOW (num) 


TOO MANY 


LOCKS (num) 


Could not open file with errno num. 
The uuep program needs write access 
to the file or directory. 


Check the permissions on the file 
and directory. 


The uucico daemon could not obtain 
information about the file with errno num. 


Check the permissions on the file. 
Could not unlink the file with errno num. 
Check the permissions on the file. 


Could not open the file with errno 
num. The uucp program needs write 
access to the file or directory. 


Check the permissions on the file 
and directory. 


The file already exists and an access () 
call on that file returned errno num. The 
file is a uucp work file that was not 
cleaned up by another uucp process. 


The uucp service is not defined in 
the /etc/services file. 


Edit the /etc/services file and 
add a uucp entry. 


There are too many jobs queued for a 
single system. The number of jobs is num. 


Use the uustat -—q command and 
examine the queue. If the jobs are not 
old, try the request again. If there are 
old jobs in the queue, use the uucleanup 
command to clean out the queue. See 
uucleanup(8) for more information. 


The system limit on the number 
of lock files was exceeded while 
creating lock file num. 


Retry the request after the the current 
activity is completed. 
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Table E-1: ASSERT Error Messages (cont.) 
Error Message Explanation and User Action 


XMV ERROR file (num) The uuxgt daemon could not move 
the execute file to the .Xqtdir 
directory in the uucp spool area and 
failed with errno num. 


Use the 1s —1 command and verify 
that the .Xqtdir directory is owned by 
uucp and has a 77/5 permission. 


BAD LOGIN/MACHINE COMBINATION 


Explanation: There are two possible reasons for this message: 


e The VALIDATE option for the local system is set in the 
Permissions file on the remote system and the local system’s user 
name does not match the LOGNAME entry for the system in the 
remote system's Permissions file. 


¢« Thelocal system’s user name has no corresponding LOGNAME entry 
in the remote system’s Permissions file. 


User Action: Either ask the remote system administrator to add a 
LOGNAME entry for that user name, or edit the Systems file and modify 
the entry for the remote system to use a Known user name. 


BAD SEQUENCE CHECK 


Explanation: The information in /usr/1lib/uucp/SQFILE file on the 
local and remote system is inconsistent. Possible reasons include: 


¢ A new SOQFILE has been installed on either system, possibly 
because a new operating system release was installed. 


User Action: Synchronize the local and remote files. 


e Another system is imitating either the local or remote system. This 
indicates a potential security problem. 


User Action: Verify that both systems are legitimate and report 
security issues, aS necessary. 


CALLBACK REQUIRED 


Explanation: The local system initiated a call and informed the 
remote system that it has work for that system. The remote system is 
configured to accept work only if it initiates a call to the local system. 
Work is queued until the remote system calls the local system. 


User Action: Monitor the queue to verify that all jobs are completed. 
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CALLER SCRIPT FAILED 


Explanation: An error occurred while processing the chat script, 
defined in the Systems file. 


User Action: Enter the uutry remote system command and 
observe the prompts from the remote system. Compare the prompts 
to the chat script. If there is a difference, run the uucpsetup script 
and change the chat script. 


CAN’ T ACCESS DEVICE 


Explanation: Possible reasons include: 
e« The physical device could not be opened. 


User Action: Check the permissions on the terminal (tty) line, 
using the 1s —1 command. If neither user uucp nor group uucp 
has write access to the line, change the mode to 666. 


« Themodem type is not defined in the /usr/lib/uucp/Dialers 
file. 


User Action: Verify that the modem type has an entry in the 
Dialers file If not, run the uucpsetup script and make an entry 
for the modem type. 


CANNOT OPEN SYSTEMS FILE FOR READ 


Explanation: The uucp program cannot read the 
/usr/lib/uucp/systens file. 


User Action: Change the mode to 650, and the owner and group to 


uucp. 


CONN FAILED (string) 


Explanation: The connection to the remote system failed; string 
describes the reason for the failure. The system will reconnect as 
necessary. 


User Action: Monitor the queue to verify that all jobs are completed. 
If the problem persists, check your configuration. 


CONVERSATION FAILED 


Explanation: The conversation with the remote system has 
abnormally ended. Possible reasons are a modem error or system 
crash. Partially completed jobs are requeued and processed later. 


User Action: Monitor the queue to verify that all jobs are completed. 
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DEVICE LOCKED 
Explanation: Another utility (tip, cu, uugetty, or uucico) is 
already using the device. 


User Action: Retry the request; you will continue to receive this 
message until the other utility has finished using the device. 


DIAL FAILED 
Explanation: The modem dialing sequence failed or timed out. 
User Action: Retry the command. 


LOGIN FAILED 
Explanation: The uucico daemon timed out while trying tologin to 
the remote system. 

User Action: Usethe uutry command with your request to determine 
why the login is failing. 

If the error occurs while processing the chat script, run the uucpsetup 
script and modify the chat script to reflect the actual messages used by 
the remote system. For example, if the chat script stops while waiting 
for a login prompt, modify the chat script to send a carriage return and 
delay before getting a login prompt. 

If the login tothe remote system is successful and then an error occurs, 
the uucico daemon on the remote system failed to start or was slow in 
sending the Shere message to the local system. 


LOST LINE (LOGIN) 
Explanation: The connection was lost during the login process. 
User Action: Retry the request. 


NO DEVICES AVAILABLE 
Explanation: There are no devices available on this system of the 
type or speed requested. 


User Action: You can install additional devices on your system, if your 
system allows, or modify the request to use one of the available devices 
in the /usr/lib/uucp/Devices file. 


REMOTE DOES NOT KNOW ME 


Explanation: The local system does not have an entry in the remote 
system's Systens file. 


User Action: Contact the remote system's administrator to have an 
entry for your system put in the Systems file. 
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REMOTE HAS A LCK FILE FOR ME 


Explanation: The remote system is trying to contact the local system 
while the local system is trying to connect to the remote system. The 
uucp utilities do not allow simultaneous connections between systems. 


User Action: You can either retry the request later, or wait and see 
if the queued request is performed when the remote system connects 
to your system. 


REMOTE REJECT AFTER LOGIN 


Explanation: After successfully logging in to the remote system, the 
local and remote systems could not start a conversation. The remote 
system alsoreturns the message BAD LOGIN/MACHINE COMBINATION. 


User Action: Check the configuration for the connection on both 
systems. 
REMOTE REJECT, UNKNOWN MESSAGE 


Explanation: The remote system rejected the connection to the local 
system, but did not return a recognizable error message. 


User Action: Retry your operation. 


STARTUP FAILED 


Explanation: After successfully logging in to the remote system, 
the local and remote systems could not start a conversation. Either 
the systems could not agree on a protocol or they could not start the 
protocol. 


User Action: Verify that both the local and remote systems specify the 
same protocol in the /usr/lib/uucp/Systenms file. 


SUCCESSFUL 


Explanation: The conversation completed successfully. 


SYSTEM NOT IN Systems FILE 


Explanation: The remote system is not in the /usr/lib/uucp/Sys- 
tems file. 


User Action: Use the uuname command to view a list of Known uucp 
systems. 


TALKING 


Explanation: The local system is having a conversation with the 
remote system. 
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WRONG MACHINE NAME 


Explanation: The remote system name does not match the system 
name entry in the /usr/lib/uucp/Systenms file. 


User Action: Verify the system name and run uucpsetup to make the 
necessary changes. 


WRONG TIME TO CALL 


Explanation: The remote system cannot be called at this time The 
job is queued for completion |ater. 


User Action: |f you want to change the time, run uucpsetup. 


E.2 tip Error Messages 
The following messages might be displayed when using the tip utility: 
all ports busy 


Explanation: All ports are in use. 
User Action: Try your request again later. 


can’t open log file ‘'/var/log/aculog’ for update 
contact your administrator 


Explanation: The /var/log/aculog file does not exist. 
User Action: Create the file with the mode 664, and owner and group 
uucp. 

/etc/phones: can’t open phone numbers file 


Explanation: The /etc/phones file does not exist, or the tip utility 
cannot read the phones file. 


User Action: Verify that the phones file exists and that it is not 
corrupted. If necessary, create a new phones file. See phones(4) for 
more information. 


link down 
Explanation: The terminal line (tty) cannot be opened. 
User Action: Check that the mode of the tty device is 666. 
missing phone number 


Explanation: The remote system’s phone number is not in the 
/etc/phones file 
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User Action: Edit the /etc/phones file and add the remote system's 
phone number. 


system name: missing device spec 


tip: 


tip: 


tip: 


Explanation: Theterminal line (dv parameter) is not defined in the 
/etc/remote file 


User Action: Edit the /etc/remote file and add the parameter. 


unknown host sysname 


Explanation: The remote host system is not in the /etc/remote file. 
User Action: Do one of the following: 


¢« Create an entry for the system in the /etc/remote file. See 
remote(4) for more information. 


¢« Invoke tip using the remote host system's phone number instead 
of its name. 


can’t open host description file 


Explanation: The /etc/remote file does not exist, or the tip utility 
cannot read the remote file. 


User Action: Verify that the remote file exists and that it is not 
corrupted. If necessary, create a new remote file. See remote(4) for 
more information. 


unknown host tipspeed 


Explanation: The tip utility is not configured to use the speed 
specified on the command line. 


User Action: Verify whether the hardware supports the speed. If 
it can, create a tipspeed entry for the speed in the /etc/remote 
file, using other tipspeed entries as a model. Create corresponding 
UNIX-speed and dialspeed entries in the file. Specify the modem 
type and the serial port to which it is attached, using the at and dv 
fields in the dialspeed entry. 


Unknown ACU type 


Explanation: The modem is unsupported. 


User Action: Check the at field for the host system entry in the 
/etc/remote file. If the entry is correct, create an entry for the 
modem in the /etc/acucap file. See acucap(4) for more information. 
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XxX: unknown parity value 


Explanation: The parity value (pa parameter) in the /etc/remote 
file is invalid. 


User Action: Edit the /etc/remote file and enter a valid value. See 
remote(4) for more information. 
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sendmail Error Messages 


This appendix provides an explanation and suggested user actions for the 
sendmail error messages. These messages can occur when sending mail 
to another user on the same host or when sending mail using TCP/IP. If 
other mailers are configured on your system (for example, DE Cnet), see the 
documentation that accompanies the mailer for additional messages. 


The following sendmail messages are returned in a rejected mail message 
or sent to the syslogd daemon: 


binmail: opening /usr/spool/mail/filename-: Permission 
denied 


Explanation: The /bin/mail program could not deliver the mail on 
the destination host. 


User Action: 


e Verify the permissions on the /usr/spool/mail directory. The 
correct permissions are 1777. 


e Verify the mailbox permissions. The correct permissions are 600. 
¢ Verify that the mailbox owner is correctly specified. 


Cannot send message for 3 days 


Explanation: The message was not delivered during the period 
specified by the retry parameter in the /var/adm/sendmail/send- 
mail.cf file. It is being returned to the sender. Possible reasons are 
as follows: 


¢ Thedestination host does not exist. 


« The mail was addressed to a host outside of your 
company and no relay host has been configured in the 
/var/adm/sendmail/sendmail.cf file 


¢ The host has been off line or the network connection has been 
unreliable for three days. 


User Action: 


1. Verify all address information. 
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2. Ifthe mail was addressed to a host outside of your company, you 
might not be able to send the mail directly. Check your sendmail 
configuration by entering the following command: 


# grep ‘“define( GateINET’ /var/adm/sendmail/hostname.m4 


If the braces in the output are empty (that is, do not contain a 
host name), reconfigure sendmail and specify a relay host. See 
Section 13.3 for more information on specifying a relay name. 


3. Send the message again. The message is queued and sent 
automatically when the host is reachable. 


Connection refused 


Explanation: The sendmail daemon is not running on the 
destination host. 

User Action: Check whether sendmail is running on the host by 
using the ps command as follows: 

# ps -ax | grep send 


If it is not, ask the system administrator to start sendmail. 


Connection timed out during user open 


Explanation: A problem occurred during the Simple Mail Transfer 
Protocol (SMTP) session between 2 hosts, causing a time out. 


User Action: No user action is necessary; the message will be retried 
later. 


Host unknown 
Explanation: Possible reasons are as follows: 


e An address record for the host was not found. 


¢ The /var/adm/sendmail/sendmail.cé£ file does not definea 
relay host that can handle mail addresses outside of your company. 


User Action: 


1. Ifthe Domain Name System (DNS) is not configured on your host, 
verify that the host’s address is defined. Check the /etc/hosts 
file if you are resolving addresses locally or issue the ypmatch 
hostname hosts command if you are using the Network 
Information Service (NIS). The hosts entry in the svc. conf file 
defines the services used. If the host is not defined, ask your 
system administrator to correct the problem. 


2. Check for MX records for the host by using the nslookup 
command as follows: 
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# nslookup —q=mx hostname 
If a record exists, go to step 3. 


3. Check for address records by using the nslookup command. If 
the address is not found, have the DNS administrator for the 
destination domain add an address record for the host in the 
destination domain’s DNS data files. 


4. |f the mail was addressed to a host outside of your company, you 
might not be able to send the mail directly. Check your sendmail 
configuration by entering the following command: 


# grep ‘“define( GateINET’ /var/adm/sendmail/hostname.m4 


If the braces in the output are empty (that is, do not contain a 
host name), reconfigure sendmail and specify a relay host. Send 
the message again. See Section 13.3 for more information on 
specifying a relay name. 


I refuse to talk to myself 


Explanation: The local host was asked to connect to itself and deliver 
a message. 


User Action: Check your sendmail configuration by entering the 
following command: 


# grep ‘“define( GateINET’ /var/adm/sendmail/hostname.m4 


If the braces on any line in the output contain your host’s name, there 
is a configuration error. Reconfigure sendmail. See Section 13.3 for 
more information. 


Remote protocol error 


Explanation: This message is generally found in the mail.log 
file generated by the syslogd daemon and indicates a problem in 
communicating with the remote host. 


User Action: No user action is necessary; the message will be retried 
later. 


Service unavailable 


This is a secondary error message. Some other error has occurred that 
caused sendmail tointerpret an address as an action. 


User Action: Look for other error messages, for example Host 
unknown, and resolve them first. Resolving other errors should resolve 
this error as well. 
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User unknown/Addressee unknown 


Explanation: The message reached the final destination, but the user 
address was not found in the local aliases file or the local password 
file at the final destination. 


User Action: Verify that the user’s address is correct. 
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Host Resources MIB Implementation 


The Tru64 UNIX Simple Network Management Protocol (SNMP) agent 
implements the Host Resources MIB as described in RFC 1514. Although 
the RFC describes conceptual objects for management of host systems, it 
describes them in very general terms. 


This appendix describes the Tru64 UNIX Host MIB implementation, 
including each group or table defined in RFC 1514 (with sample data). The 
formatting of SNMP data is specific to the implementation of an application. 
Compag currently does not ship an application that presents SNMP data 

in this manner with Tru64 UNIX. 


G.1 Tru64 UNIX Implementation Summary 


The basic Tru64 UNIX implementation of RFC 1514 is as follows: 


« TheRFC specifies that when a product registry does not exist, all MIB 
variables of type Product ID return an object identifier of 0.0. 


e« The values of the hrDeviceIndex and hrFSIndex parameters remain 
unique between system reboots. 


¢ Write access is not implemented for any Host MIB object. 


G.2 System Group 


The system group object implementation notes are as follows: 
¢ ThehrSystemInitialLoadDevice parameter is not implemented. 


« ThehrSystemInitialLoadParameters parameter returns the name 
of the booted kernel. 


The following are sample data: 


{hrSystemUptime.0 , TimeTicks, 0d 23:00:20.00} 
{hrSystemDate.0 , OCTET STRING, 1995-11-28,15:31:52.01} 
{hrSystemInitialLoadParameters.0 , OCTET STRING, vmunix} 
{hrSystemNumUsers.0 , Gauge, 0} 

{hrSystemProcesses.0 , Gauge, 20 

{hrSystemMaxProcesses.0 , INTEGER, 1024} 
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G.3 Storage Group 


The operating system software represents three types of logical storage: 
swap space, kernel memory, and file systems. The storage group object 
implementation is as follows: 


One entry in the hrStorageTable group is the total kernel memory 
being used. 


One entry is the current total swap space. (The value of the 
hrStorageAllocationFailures parameter for this entry is always 0.) 


There are several entries that each describe a specific type of kernel 
memory (the kernel malloc table). There is an entry for each memory 
type listed in the <sys/malloc.h> header file that is implemented on 
that particular host. (The value of the hrStorageDescr parameter is 
derived from the malloc.h file.) 


Note 


These entries do not represent actual fixed-size memory 
pools that could be exhausted. They do, however, indicate 
how system memory is being utilized amongst the various 
subsystems. 


The value of the hrStorageSize parameter for the kernel memory 
entries is always 0, because there is no actual limit. 


There is one entry in the hrStorageTable group for each locally 
mounted file system. As specified in RFC 1514, remotely mounted file 
systems are not represented in the hrStorageTable group. 


The value of the hrStorageDescr parameter for file system-related 
entries is the same as the the hrFSMountedPoint parameter for the 
same file system in the hrFSTable group. 


The values of the hrStorageIndex parameter for file system-related 
entries is returned in the hrFSStorageIndex variable for the same file 
system in the hrFSTable group. 


The value of the hrStorageType parameter for file system storage 
entries is always hrStorageOther. 


See Section G.5 for information on the file system implementation. 


The following are sample storage group data: 


{hrStorageIndex.1 , INTEGER, 1} 

{hrStorageType.1 , OBJECT IDENTIFIER, hrStorageRam} 
{hrStorageDescr.1 , OCTET STRING, Total Kernel Memory} 
{hrStorageAllocationUnits.1 , INTEGER, 1024} 

{hrStorageSize.1 , INTEGER, 2088960} 
{hrStorageUsed.1 , INTEGER, 261112} 
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hrStorageAllocationFailures.1 , 
hrStorageIndex.2 é 
hrStorageType.2 7 
hrStorageDescr.2 ri 
hrStorageAllocationUnits.2 i 
hrStorageSize.2 7 
hrStorageUsed.2 
hrStorageAllocationFailures.2 , 
hrStorageIndex.3 , 
hrStorageType.3 ‘i 
hrStorageDescr.3 z 
hrStorageAllocationUnits.3 ‘ 
hrStorageSize.3 5 
hrStorageUsed. 3 y 
hrStorageAllocationFailures.3 , 
hrStorageIndex. 4 ; 
hrStorageType.4 ; 
hrStorageDescr.4 : 
hrStorageAllocationUnits.4 i 
hrStorageSize.4 7 
hrStorageUsed.4 ‘: 
hrStorageAllocationFailures.4 , 


RR es 


hrStorageIndex.99 7 
hrStorageType.99 ; 
hrStorageDescr.99 r 
hrStorageAllocationUnits.99 i 
hrStorageSize.99 ; 
hrStorageUsed.99 A 
hrStorageAllocationFailures.99 , 
hrStorageIndex.100 “ 
hrStorageType.100 Fi 
hrStorageDescr.100 7 
hrStorageAllocationUnits.100 F 
hrStorageSize.100 F 
hrStorageUsed.100 ij 
hrStorageAllocationFailures.100, 
hrStorageIndex.101 7 
hrStorageType.101 ; 
hrStorageDescr.101 ; 
hrStorageAllocationUnits.101 F 
hrStorageSize.101 ; 
hrStorageUsed.101 7 
hrStorageAllocationFailures.101, 


RR 
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Counte 
NTEGE: 


OBJECT 


OBJECT 


xr, 0} 
R, 2} 


OBJECT IDENTIFIER, hrStorageVirtualMemory} 
OCTET STRING, Total Swap Space} 
NTEGER, 1024} 

NTEGER, 200704} 

NTEGER, 11920} 

Counter, 0} 

NTEGER, 3} 

OBJECT IDENTIFIER, hrStorageRam} 
OCTET STRING, MBUF} 

NTEGER, 1} 

NTEGER, 0} 

NTEGER, 4096} 

Counter, 0} 

NTEGER, 4} 


IDENTIFIER, hrStorageRam} 


OCTET STRING, MCLUSTER} 


NTEGER, 1} 
NTEGER, 0} 
NTEGER, 32768} 
Counter, 0} 
NTEGER, 99} 
OBJECT IDENTIFIER, hrStorageOther} 
OCTET STRING, /} 
NTEGER, 1024} 
NTEGER, 63167} 
NTEGER, 46098} 
Counter, 0} 
NTEGER, 100} 


IDENTIFIER, hrStorageOther} 


OCTET STRING, /proc} 


NTEGER, 8192} 

NTEGER, 0} 

NTEGER, 0} 

Counter, 0} 

NTEGER, 101} 

OBJECT IDENTIFIER, hrStorageOther} 


OCTET STRING, /usr} 


NTEGER, 1024} 
NTEGER, 866102} 
NTEGER, 596323} 
Counter, 0} 


This implementation supports CPUs, network interfaces, and disks in the 
device-related tables; printers are not supported. The CPU support is as 


follows: 


« Each CPU physically attached to the system is represented in both the 
hrDevice and hrProcessor tables. The value of the hrDeviceIndex 
parameter for these entries is the processor number plus 1. 


¢ Thevalue of the hrDeviceErrors parameter is always 0. 


¢ Thevalue of thehrDeviceStatus parameter is either running or down. 
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¢ Thevalue of the hrProcessorLoad parameter is accurately determined 
for each processor running on the system. Processor idle time is any 
time spent in the IDLE or WAIT states. Busy timeis time spent in any 
other state. 


A background task records CPU time every 30 seconds, retaining 2 
snapshots. When an SNMP request is received, CPU times are fetched 
immediately and the load average is calculated as the difference between 
this current data and the least recent snapshot. In this manner the 
values returned for the hrProcessorLoad parameter are current load 
averages over a period of at least 30 seconds, but not morethan 1 minute. 
The value of the hrProcessorLoad parameter is calculated as follows: 


(delta busy / ( delta busy +delta idile)) * 100 


The disk support is as follows: 


¢ Each re, ra, and rz type disk whose special file is present in the 
/dev directory is represented in the hrDeviceTable group, the 
hrdiskStorageTable group, and the hrPartitionTable group. 


¢ The value of the hrDeviceStatus parameter is running if the disk is 
online, or down if the disk is offline. 


¢ Thevalue of the hrDeviceErrors parameter is the sum of hard and 
soft errors reported for the disk. 


¢ The value of the hrDiskStorageMedia parameter is always unknown. 


¢ Data cannot be retrieved currently for offline devices (for instance, an 
empty CD-ROM drive). In these cases, the hrDiskStorage entry is 
as follows: 


media = ‘unknown’ 
Capacity = 0 
removable = ‘false’ 
access = ‘readWrite’ 


The value of the hrPartitionFSIndex parameter is either zero (0) 
or the value of the hrFSIndex parameter for the hrFSTable entry 
corresponding to the offline file system. 


The network device support is as follows: 


e Each network interface is represented in both the hrDeviceTable 
group and hrNetworkTable group. 


¢ Thevalueof the hrDeviceStatus parameter is running if theinterface 
is running, down if the interface is not up, or unknown. 


¢« The value of the hrDeviceErrors parameter is the sum of inbound and 
outbound packet errors on that interface. 
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¢ The value of the hrNetworkIfIndex parameter is the same as the 
MIB-II value of the if Index parameter for that interface 


The following are sample device table data: 


{hrDeviceIndex.1 , INTEGER, 1} 

{hrDeviceType.1 , OBJECT IDENTIFIER, hrDeviceProcessor} 
{hrDeviceDescr.1 , OCTET STRING, Digital 2100 Server Model A500MP} 
{hrDeviceID.1 , OBJECT IDENTIFIER, 0.0} 

{hrDeviceStatus.1 , INTEGER, running} 

{hrDeviceErrors.1 , Counter, 0} 

{hrDeviceIndex.2 , INTEGER, 2} 

{hrDeviceType.2 , OBJECT IDENTIFIER, hrDeviceProcessor} 
{hrDeviceDescr.2 , OCTET STRING, Digital 2100 Server Model AS500MP} 
{hrDeviceID.2 , OBJECT IDENTIFIER, 0.0} 

{hrDeviceStatus.2 , INTEGER, running} 

{hrDeviceErrors.2 , Counter, 0} 

{hrDeviceIndex.3 , INTEGER, 3} 

{hrDeviceType.3 , OBJECT IDENTIFIER, hrDeviceProcessor} 
{hrDeviceDescr.3 , OCTET STRING, Digital 2100 Server Model A500MP} 
{hrDeviceID.3 , OBJECT IDENTIFIER, 0.0} 

{hrDeviceStatus .3 , INTEGER, running} 

{hrDeviceErrors .3 , Counter, 0} 

{hrDeviceIndex.4 , INTEGER, 4} 

{hrDeviceType.4 , OBJECT IDENTIFIER, hrDeviceProcessor} 
{hrDeviceDescr.4 , OCTET STRING, Digital 2100 Server Model A500MP} 
{hrDeviceID.4 , OBJECT IDENTIFIER, 0.0} 

{hrDeviceStatus.4 , INTEGER, running} 

{hrDeviceErrors.4 , Counter, 0} 

{hrDeviceIndex.5 , INTEGER, 5} 

{hrDeviceType.5 , OBJECT IDENTIFIER, hrDeviceNetwork} 
{hrDeviceDescr.5 , OCTET STRING, tu0 - DEC TULIP Ethernet Interface} 
{hrDeviceID.5 , OBJECT IDENTIFIER, 0.0} 

{hrDeviceStatus.5 , INTEGER, running} 

{hrDeviceErrors.5 , Counter, 9} 

{hrDeviceIndex.6 , INTEGER, 6} 

{hrDeviceType.6 , OBJECT IDENTIFIER, hrDeviceNetwork} 
{hrDeviceDescr.6 , OCTET STRING, traO - DEC DW300 Token Ring Interface} 
{hrDeviceID.6 , OBJECT IDENTIFIER, 0.0} 

{hrDeviceStatus.6 , INTEGER, down} 

{hrDeviceErrors .6 , Counter, 0} 

{hrDeviceIndex.7 , INTEGER, 7} 

{hrDeviceType.7 , OBJECT IDENTIFIER, hrDeviceNetwork} 
{hrDeviceDescr.7 , OCTET STRING, 1n0 - DEC LANCE Ethernet Interface} 
{hrDeviceID.7 , OBJECT IDENTIFIER, 0.0} 

{hrDeviceStatus.7 , INTEGER, running} 

{hrDeviceErrors.7 , Counter, 40} 

{hrDeviceIndex.8 , INTEGER, 8} 

{hrDeviceType. 8 , OBJECT IDENTIFIER, hrDeviceNetwork} 
{hrDeviceDescr.8 , OCTET STRING, sl0 - Serial Line Interface} 
{hrDeviceID.8 , OBJECT IDENTIFIER, 0.0} 

{hrDeviceStatus.8 , INTEGER, down} 

{hrDeviceErrors.8 , Counter, 0} 

{hrDeviceIndex.9 , INTEGER, 9} 

{hrDeviceType.9 , OBJECT IDENTIFIER, hrDeviceNetwork} 
{hrDeviceDescr.9 , OCTET STRING, 1lo0 - Local Loopback Interface. } 
{hrDeviceID.9 , OBJECT IDENTIFIER, 0.0} 

{hrDeviceStatus.9 , INTEGER, unknown} 

{hrDeviceErrors.9 , Counter, 0} 

{hrDeviceIndex.10 , INTEGER, 10} 

{hrDeviceType.10 , OBJECT IDENTIFIER, hrDeviceNetwork} 
{hrDeviceDescr.10 , OCTET STRING, pppO - 2.2} 

{hrDeviceID.10 , OBJECT IDENTIFIER, 0.0} 

{hrDeviceStatus.10 , INTEGER, down} 
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TD RR I RR RR 


ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
nr 
nr 
nr 
nr 
nr 
nr 
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nr 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
ny. 
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ny. 
NY. 
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ny. 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
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DeviceErrors.10 
DeviceIndex.11 
DeviceType.11 
DeviceDescr.11 
DeviceID.11 
DeviceStatus.11 
DeviceErrors.11 
DeviceIndex.12 
DeviceType.12 
DeviceDescr.12 
DeviceID.12 
DeviceStatus.12 
DeviceErrors.12 
DeviceIndex.13 
DeviceType.13 
DeviceDescr.13 
DeviceID.13 
DeviceStatus.13 
DeviceErrors.13 
ProcessorFrwID.1 
ProcessorLoad.1 
ProcessorFrwID.2 
ProcessorLoad.2 
ProcessorFrwID.3 
ProcessorLoad. 3 
ProcessorFrwID.4 
ProcessorLoad.4 
DiskStorageAccess.11 
DiskStorageMedia.1 
DiskStorageRemoveble.11 
DiskStorageCapacity.11 
DiskStorageAccess.12 
DiskStorageMedia.12 
DiskStorageRemoveble.12 
DiskStorageCapacity.12 
DiskStorageAccess.13 
DiskStorageMedia.13 
DiskStorageRemoveb 


Sok3 


DiskStorageCapacity.13 
PartitionIndex. 
PartitionLabel. 
PartitionID.11. 
PartitionSize.11.1 
PartitionFSIndex.11.1 
PartitionIndex.11.2 
PartitionLabel.11.2 
PartitionID.11.2 
PartitionSize.11.2 
PartitionFSIndex.11.2 
PartitionIndex.11.3 
PartitionLabel.11.3 
PartitionID.11.3 
PartitionSize.11.3 
PartitionFSIndex.11.3 
PartitionIndex.11.4 
PartitionLabel.11.4 
PartitionID.11.¥¢ 
PartitionSize.11.4 
PartitionFSIndex.11.4 
PartitionIndex.11.5 
PartitionLabel.11.5 
PartitionID.11.5 
PartitionSize.11.5 


PartitionFSIndex.11.5 
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Counte 
NTEGE: 
OBJECT 
OCTET 
OBJECT 
NTEGE: 
Counte 
NTEGE: 
OBJECT 
OCTET 
OBJECT 
NTEGE: 
Counte 
NTEGE: 
OBJECT 
OCTET 
OBJECT 
NTEGE: 
Counte 
OBJECT 
NTEGE: 
OBJECT 
NTEGE: 
OBJECT 
NTEGE: 
OBJECT 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
OCTET 

OCTET 

NTEGE: 
NTEGE: 
NTEGE: 
OCTET 

OCTET 

NTEGE: 
NTEGE: 
NTEGE: 
OCTET 

OCTET 

NTEGE: 
NTEGE: 
NTEGE: 
OCTET 

OCTET 

NTEGE: 
NTEGE: 
NTEGE: 
OCTET 

OCTET 

NTEGE: 
NTEGE: 


xr, 0} 
R, 11} 
DENTIFIER, hrDeviceDiskStorage} 
STRING, /dev/rz0 - SCSI RZ28} 
DENTIFIER, 0.0} 
R, running} 
xr, 0} 
R, 12} 
DENTIFIER, hrDeviceDiskStorage} 
STRING, /dev/rzl - SCSI RZ28} 
DENTIFIER, 0.0} 
R, running} 
£5. 0} 
R, 13} 
DENTIFIER, hrDeviceDiskStorage} 
STRING, /dev/rz6 - SCSI RRD43} 
DENTIFIER, 0.0} 
R, down} 
xr, 0} 
DENTIFIER, 0.0} 
R, 4} 
DENTIFIER, 0.0} 
R, 0} 
DENTIFIER, 0.0} 
R, 10} 
DENTIFIER, 0.0} 
R, 19} 
R, readWrite} 
R, unknown} 
R, false} 
R, 2055240} 
R, readWrite} 
R, unknown} 
R, false} 
R, 2055240} 
R, readWrite} 
R, unknown} 
R, false} 
R, 0} 
R, 1} 
STRING, /dev/rz0a} 
STRING, } 
R, 65536} 
R, 1} 
R, 2} 
STRING, /dev/rz0b} 
STRING, } 
R, 200704} 
R, 0} 
R, 3} 
STRING, /dev/rz0c} 
STRING, } 
R, 2055240} 
R, 0} 
R, 4} 
STRING, /dev/rz0od} 
STRING, } 
R, 595968} 
R, 0} 
R, 5} 
STRING, /dev/rz0e} 
STRING, } 
R, 595968} 
R, 0} 


nr 
nr 
nYr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nyr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 
nr 


PartitionSize.11.8 


PartitionIndex.12.1 
PartitionLabel.12.1 
PartitionID.12. 
PartitionSize.12.1 


PartitionIndex.12.2 
PartitionLabel.12.2 
PartitionID.12.2 
PartitionSize.12.2 


PartitionIndex.12.3 
PartitionLabel.12.3 
PartitionID.12.3 
PartitionSize.12.3 


PartitionIndex.12.4 
PartitionLabel.12.4 
PartitionID.12.4 
PartitionSize.12.4 


PartitionIndex.12.5 
PartitionLabel.12.5 
PartitionID.12.5 
PartitionSize.12.5 


PartitionIndex.12.6 
PartitionLabel.12.6 
PartitionID.12.6 
PartitionSize.12.6 


PartitionIndex.12.7 
PartitionLabel.12.7 
PartitionID.12.7 
PartitionSize.12.7 


PartitionIndex.12.8 
PartitionLabel.12.8 
PartitionID.12.8 
PartitionSize.12.8 
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PartitionIndex.11.6 
PartitionLabel.11.6 
PartitionID.11.6 
PartitionSize.11.6 
PartitionFSIndex.11. 
PartitionIndex.11.7 
PartitionLabel.11.7 
PartitionID.11.7 
PartitionSize.11.7 
PartitionFSIndex.11. 
PartitionIndex.11.8 
PartitionLabel.11.8 
PartitionID.11.8 


PartitionFSIndex.11. 


PartitionFSIndex.12. 


PartitionFSIndex.12. 


PartitionFSIndex.12. 


PartitionFSIndex.12. 


PartitionFSIndex.12. 


PartitionFSIndex.12. 


PartitionFSIndex.12. 


PartitionFSIndex.12. 
hrNetworkIfIndex.5 

hrNetworkIfIndex. 
hrNetworkIfIndex. 
hrNetworkIfIndex. 
hrNetworkIfIndex. 
hrNetworkIfIndex. 


6} 


RING, /dev/rz0f} 


RING, } 
597064} 
0} 
7} 
RING, /dev/rz0g} 
RING, } 
893952} 
3} 
8} 
RING, /dev/rz0h} 
RING, } 
895048} 
0} 
} 
RING, /dev/rzla} 
RING, } 
65536} 
0} 
2} 
RING, /dev/rz1b} 
RING, } 
200704} 
0} 
3} 
RING, /dev/rzic} 
RING, } 
2055240} 
0} 
4} 


RING, /dev/rz1d} 
RING, } 
595968} 
0} 
5} 
RING, /dev/rzle} 
RING, } 
595968} 
0} 
6} 
RING, /dev/rz1f} 
RING, } 
597064} 
0} 
7} 
RING, /dev/rz1g} 
RING, } 
893952} 
0} 
8} 
RING, /dev/rzih} 
RING, } 
895048} 
0} 
} 
2} 
3} 
4} 
5} 
6} 
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G.5 File System Table 


The file system table implementation is as follows: 


¢ Each currently mounted file system is represented in the hrFSTable 


group. 


¢ The available values for the hrFSType parameter do not cover all 
possible file system types in the operating system. Some types (for 
example, /proc) report a value of hrFsother for the hrFSType object. 


¢ ThehrFSRemoteMount Point parameter is returned as a zero-length 
octet string for local file systems, as specified in RFC 1514. 


« The hrFSStorageIndex parameter returns a zero (0) for remote 
file systems, in accordance with RFC 1514. For local file systems, 
the hrFSStorageIndex parameter returns the value of the 
hrStorageIndex parameter for the hrStorageEntry entry 
corresponding to that file system. 


The RFC specifies this design, presumably so that all storage-related 
information is available in one table. However, in order to discover file 
system full conditions, an SNMP application needs to do the following: 


1. 
2. 


Locate an entry in the the hrFSTable group. 


Retrieve that entry’s value of the hrFSStorageIndex parameter. 
For example, call it i. 


If i is not zero (0), retrieve the values of the hrStorageUsed.i and 


hrStorageSize.i parameters. 


¢ Thevalue of the hrFSBootable parameter is always returned as false. 


¢ The values of the hrFSLastFullBackupDate and hrFSLast Partial- 
BackupDate parameters are always returned as { anuary 1 year O time 
0} in the DateAndTime format, as specified in RFC 1514, when these 


values are unknown. 


The following are sample file system table data: 


hrFSIndex.1 

hrFSMount Point .1 
hrFSRemoteMountPoint.1 
hrFSType.1 

hrFSAccess.1 
hrFSBootable.1 
hrFSStorageIndex.1 
hrFSLastFullBackupDate.1 
hrFSLast PartialBackupDate.1 
hrFSIndex.2 

hrFSMount Point .2 
hrFSRemoteMountPoint .2 
hrFSType.2 

hrFSAccess.2 
hrFSBootable.2 
hrFSStorageIndex. 2 


ee ee 
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, 
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NTEGER, 


OBJECT 
NTEGER 
NTEGER, 
NTEGER 


NTEGER, 


OBJECT 
NTEGER, 
NTEGER, 
NTEGER, 


OCTET ST 
OCTET ST 


OCTET ST 
OCTET ST 


OCTET ST 
OCTET ST 


1} 
RING, /} 

RING, } 

DENTIFIER, hrFSBerkeleyFFS} 
readWrite} 

false} 

99} 
RING, 
RING, 

2} 
RING, /proc} 

RING, } 
DENTIFIER, hrFSOther} 
readWrite} 

false} 

100} 


0-1-1,0:0:0.0} 
0-1-1,0:0:0.0} 


a I nn 


hrFSLastFullBackupDate. 2 
hrFSLast PartialBackupDate.2 
hrFSIndex. 3 

hrFSMount Point .3 
hrFSRemoteMount Point .3 
hrFSType.3 

hrFSAccess.3 

hrFSBootable.3 
hrFSStorageIndex. 3 
hrFSLastFullBackupDate. 3 
hrFSLast PartialBackupDate.3 
hrFSIndex.4 

hrFSMount Point .4 
hrFSRemoteMountPoint .4 
hrFSType.4 

hrFSAccess.4 

hrFSBootable.4 
hrFSStorageIndex. 4 
hrFSLastFullBackupDate. 4 
hrFSLastPartialBackupDate.4 


OCTET STRING, 0-1-1,0:0:0.0} 
OCTET STRING, 0-1-1,0:0:0.0} 
NTEGER, 3} 
OCTET STRING, /usr} 

OCTET STRING, } 

OBJECT IDENTIFIER, hrFSBerkeleyFFS} 
NTEGER, readWrite} 

NTEGER, false} 

NTEGER, 101} 

OCTET STRING, 0-1-1,0:0:0.0} 

OCTET STRING, 0-1-1,0:0:0.0} 
NTEGER, 4} 
OCTET STRING, /tools} 

OCTET STRING, /tools@tools} 
OBJECT IDENTIFIER, hrFSNFS} 
NTEGER, readWrite} 

NTEGER, false} 

NTEGER, 0} 

OCTET STRING, 0-1-1,0:0:0.0} 
OCTET STRING, 0-1-1,0:0:0.0} 


G.6 Running Software Tables 


The running software table implementation is as follows: 


The hrSwoSIndex parameter is always returned as zero (0), the kernel 
idle process. There is no one process that represents the primary 
operating system running on this host for Tru64 UNIX. 


Each process is represented as an entry in both the hrSWRunTable group 
and the hrSWRunPerfTable group. The value of the hrSWRunIndex 
parameter (used to index both tables) is the pid of that process. This 
means there is an entry whose hrSWRunIndex parameter value is 0 
(zero), which is not typical of SNMP tables. 


The hrSwRunName parameter is always returned as a zero-length octet 
string. 


The hrSWRunType parameter is always returned as unknown. 


The hrSWRunStatus parameter is returned as either running 
(processes that are capable of being run or are waiting for CPU), or 
notrunnable (stopped or waiting for non-CPU resources). 


The hrsWRunPath parameter and the hrSWRunParameters parameter 
return the command and parameters, respectively, that were used to 
start this process. This is similar, but not identical, to the output of 
the ps command. 


The hrSWRunPerfCPU parameter returns the sum of accumulated 
system and user time for all threads running in a process. This value is 
equivalent to the value returned by the ps cputime specifier (adjusted 
to units of centiseconds). 


The hrsWRunPerfMem parameter returns the current resident set size 
of the process. This value is equivalent to the value returned by the ps 
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rssize specifier, adjusted to units of 1024 bytes (a "Kbyte" as defined 


in RFC 1514). 
The following are sample running software table data: 
{hrSWRunIndex. 0 , INTEGER, 0} 
{hrSWRunName . 0 , OCTET STRING, } 
{hrSWRunID.0 , OBJECT IDENTIFIER, 0.0} 
{hrSWRunPath.0 , OCTET STRING, } 
{hrSWRunParameters.0 , OCTET STRING, } 
{hrSWRunType.0 , INTEGER, unknown} 
{hrSWRunStatus.0 , INTEGER, running} 
{hrSWRunIndex.1 , INTEGER, 1} 
{hrSWRunName.1 , OCTET STRING, } 
{hrSWRunID.1 , OBJECT IDENTIFIER, 0.0} 
{hrSWRunPath.1 , OCTET STRING, /sbin/init} 
{hrSWRunParameters.1 , OCTET STRING, -a} 
{hrSWRunType.1 , INTEGER, unknown} 
{hrSWRunStatus.1 , INTEGER, notRunnable} 
{hrSWRunIndex. 3 , INTEGER, 3} 
{hrSWRunName . 3 , OCTET STRING, } 
{hrSWRunID.3 , OBJECT IDENTIFIER, 0.0} 
{hrSWRunPath. 3 , OCTET STRING, /sbin/kloadsrv} 
{hrSWRunParameters .3 , OCTET STRING, } 
{hrSWRunType. 3 , INTEGER, unknown} 
{hrSWRunStatus.3 , INTEGER, notRunnable} 
{hrSWRunIndex.16 , INTEGER, 16} 
{hrSWRunName.16 , OCTET STRING, } 
{hrSWRunID.16 , OBJECT IDENTIFIER, 0.0} 
{hrSWRunPath.16 , OCTET STRING, /sbin/update} 
{hrSWRunParameters.16 , OCTET STRING, } 
{hrSWRunType.16 , INTEGER, unknown} 
{hrSWRunStatus.16 , INTEGER, notRunnable} 
{hrSWRunIndex.142 , INTEGER, 142} 
{hrSWRunName.142 , OCTET STRING, } 
{hrSWRunID.142 , OBJECT IDENTIFIER, 0.0} 
{hrSWRunPath.142 , OCTET STRING, /usr/sbin/routed} 
{hrSWRunParameters.142 , OCTET STRING, -q} 
{hrSWRunType.142 , INTEGER, unknown} 
{hrSWRunStatus.142 , INTEGER, notRunnable} 
{hrSWRunIndex. 228 , INTEGER, 228} 
{hrSWRunName . 228 , OCTET STRING, } 
{hrSWRunID.228 , OBJECT IDENTIFIER, 0.0} 
{hrSWRunPath. 228 , OCTET STRING, /usr/sbin/nfsiod} 
{hrSWRunParameters .228 , OCTET STRING, 7} 
{hrSWRunType.228 , INTEGER, unknown} 
{hrSWRunStatus.228 , INTEGER, notRunnable} 
{hrSWRunIndex . 394 , INTEGER, 394} 
{hrSWRunName .394 , OCTET STRING, } 
{hrSWRunID.394 , OBJECT IDENTIFIER, 0.0} 
{hrSWRunPath.394 , OCTET STRING, /usr/dt/bin/dtlogin} 
{hrSWRunParameters .394 , OCTET STRING, -daemon} 
{hrSWRunType.394 , INTEGER, unknown} 
{hrSWRunStatus.394 , INTEGER, notRunnable} 
{hrSWRunIndex. 395 , INTEGER, 395} 
{hrSWRunName .395 , OCTET STRING, } 
{hrSWRunID.395 , OBJECT IDENTIFIER, 0.0} 
{hrSWRunPath.395 , OCTET STRING, /usr/sbin/getty} 
{hrSWRunParameters .395 , OCTET STRING, console console vt100} 
{hrSWRunType.395 , INTEGER, unknown} 
{hrSWRunStatus.395 , INTEGER, notRunnable} 
{hrSWRunIndex . 396 , INTEGER, 396} 
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hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 


hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 


hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 
hrSw. 


Run 


Run’ 


Run 


Run 


Run’ 


Run. 
Run. 
Run. 
Run. 
Run. 
Run. 
Run. 
Run. 


Run. 
Run. 
Run. 
Run. 
Run. 
Run. 
Run. 
Run. 
Run. 
Run. 
Run. 


hrSw. 


Run. 


PerfC 


PerfC 


PerfC 


PerfC 


Perf£C 


PerfC 


RunName .396 
D.396 
RunPath.396 
RunParameters .396 
Type .396 
RunStatus.396 
ndex.397 
RunName .397 
D.397 
RunPath.397 
RunParameters .397 
Type .397 
RunStatus.397 


PerfMem. 
PU. 
PerfMem. 
PU. 
PerfMem. 
PU. 
PerfMem. 
PU. 
PerfMem. 


PU. 
PerfMem. 


228 
228 
394 
394 
395 
395 
396 
396 
397 
397 


OCTET STRING, } 


OBJECT 


DENTIFIER, 0.0} 


OCTET STRING, /usr/bin/X11/x} 


OCTET STRING, :0 -auth /var/dt/A:0-aaamka} 
INTEGER, unknown} 

INTEGER, notRunnable} 

INTEGER, 397} 


OCTET STRING, } 


OBJECT 


DENTIFIER, 0.0} 


OCTET STRING, dtlogin} 
OCTET STRING, <:0> -daemon} 


NTEGER, 
NTEGER, 


NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 


AAAAAAAAN 


NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 
NTEGE: 


AAAAAAAAADAAAA 


unknown } 
notRunnable} 
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H 


Format of DNS Data File Entries 


The Domain Name System (DNS) configuration file, by default called 
/etc/namedb/named.conf, specifies the names of the DNS data files. 
These data files consist of entries, also known as Resource Records (RR), 
that follow the formats described in this chapter. 


H.1 Format of DNS Resource Records 


Here is the general format of a DNS Resource Record: 


name ttl 


entry-type entry-specific-data 


The fields are defined as follows: 


Field 


Description 


name 


GEL 


This is the name of the domain, for example 
cities.dec.com. The domain name must begin 
in the first column. 

For some data file entries the name field is left 
blank. In that case, the domain name is assumed 
to be the same as the previous entry. 

A free standing period (.) refers to the current 
domain. 

A free standing at sign (@) denotes the current 
origin, thus allowing you to specify more than one 
domain. 

Two free standing periods (. .) represent the null 
domain name of the root. 


This is the timeto-live field, and specifies how 
long, in seconds, the data will be stored in the 
database. If this field is left blank, the value 
defaults to the ttl value specified in the SOA 
(start of authority) entry or, ultimately, the value 
of the $ttl entry. The maximum time-to-live 

is 99999999 seconds, or 3 years. 
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Field Description 


addr-class This field is the address class. There are three 
classes: IN — Internet addresses, TXT — naming 
service data, ANY — all other types of network 
addresses. 
The address class of all data file entries of a given 
entry-type in a particular zone must be the same. 
Therefore, only the first entry in a zone need 
specify the addr-class fidd. 


entry-type This field states the resource record type, for 
example SOA (start of authority) or A (address). 


entry-specific-data All fields after the entry-type field vary for each 
type of date file entry (resource record). 


The case is preserved in name and data fields when loaded into the DNS 
server. Comparisons and lookups using the DNS are case insensitive. 


The following characters have special meanings in DNS data file entries: 


Character Meaning 


\x A backslash (\ ) escapes the next nondigit (x) 
character so that the character’s special meaning 
does not apply. For example, you could usea 
period (.) to place a period character in a label. 


\nnn A backslash denotes the octet corresponding 
to the decimal number represented by nnn. 
The resulting octet is assumed to be text and 
is not checked for special meaning. 


() Parentheses group data that cross a line. In 
effect, line terminations are not recognized 
within parentheses. 


; A semicolon starts a comment, causing the 
rest of the line to be ignored. 


me An asterisk signifies a wildcard. 


Most DNS data file entries have the current domain appended to their 
names if they are not terminated by a period (.). This is useful for appending 
the current domain name to the data, such as system names, but could 
cause problems when you do not want this to happen. Consequently, if the 
name is not in the domain for which you are creating the data file, end the 
name with a period. 


Data files (resource records) can have the following types of entries: 
¢ $include 
¢ $origin 
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¢ $ttl — time to live 

« A — address 

¢ CNAME — canonical name 
¢ HINFO — host information 
« MB — mail box 

¢ MG — mail group 

¢ MINFO — mailbox information 
« MR — mail rename 

« MX — mail exchanger 

e NS — name server 

« PTR — domain name pointer 
« SOA — start of authority 

¢ WKS — well known services 


H.2 Description of Data File Entries 


The following sections describe each data file entry and its format. 


H.2.1 Include Entry 


An include entry is similar toa header filein the C programming language. 
This feature is particularly useful for separating different types of data into 
multiple files. An include entry begins with $include in the first column, 
and is followed by the name of the file to be included. For example: 


Sinclude /etc/namedb/mailboxes 
This entry requests the DNS to load the data file /etc/namedb/mailboxes. 


The include entry loads data files into the local zone and acts as a data file 
organizer. For example, you can use $include entries to separate mail 
from host information. 


H.2.2 Origin Entry 


An origin entry changes the origin in a data file. This feature is particularly 
useful for putting more than one domain in a data file. An origin entry 
begins with Sorigin in the first column, followed by a domain origin, as 
shown in the following example: 


Sorigin state.dec.com. 
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This entry includes the domain state.dec.com in the data file. As a result, 
the DNS can provide information about the state.dec.com domain in 
addition tothe local domain, provided your server has authority for the zone. 


The Sorigin and $include entries can work together. They can save 
typing and help keep the files organized. For example, assume that the 
following entries arein the hosts. rev file 


Sorigin 11.128.in-addr.arpa. 
Sinclude cities.dec.com.rev 


The period after arpa signifies the complete domain name. Assume that the 
cities.dec.com. rev file consists of entries similar to the following: 


33.22 IN PTR chicago.cities.dec.com. 
In this situation, the complete reverse name for the host chicago is translated 
to be as follows: 


33.22.11.128. in-addr.arpa. IN PTR chicago.cities.dec.com. 


H.2.3 TTL Entry 


The time-to-live entry is similar to the ttl field in other resource records; it 
specifies how long data will be stored in the cache. However, when you set 
the timeto-live in the optional $tt1 entry, the limit takes takes effect only 
if no timeto-live value is specified for a particular resource record or its 
corresponding SOA record. 


A $tt1 entry begins with $tt1 in the first column, a value in the second 
column, and an optional comment in the third column. For example, this 
entry specifies that resource records without a specified ttl will expire after 
21600 seconds (or six hours): 


Sttl 21600 default time to live 


When you specify it in this manner, the time-to-live value must be in 
the range of 0 to 2147483647 seconds. Alternatively, you can specify the 
time-to-live in the following format, where you need not specify all of the 
fields: 


weeksWdaysDhoursHminutesMsecondsS 


For example, the maximum value in this format (3550 weeks, 5 days, 3 
hours, 14 minutes, 7 seconds) would be specified as follows: 


Sttl 3550W5D3H14M7S 


H.2.4 Address Entry 


The address (A) data file entry lists the address for a specific system. An A 
entry has the following format: 
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name ttl addr-class emtry-type address 


The fields in the A entry have the values described in Section H.1, with the 
exception of the address field. This field specifies the IP address for each 
system. There must be only oneA entry for each address on a given system. 


The following is an example of two A entries: 


j;name ttl addr-class entry-type address 
miaml.cities.dec.com. IN A 128.11.22.44 
IN A 12:8).-11..22..33 


In this example, note that in the first entry the ttJ field is blank, thus using 
the default ttl specified in the SOA entry. In the second entry, the first and 
second fields are blank, thus using the default name specified in the previous 
entry and the default ttl specified in the SOA entry. In this example, the 
host miami.cities.dec.com has two IP addresses. 


H.2.5 Canonical Name Entry 


The canonical name (CNAME) entry specifies an alias for a canonical name. 
For example, if the canonical name, (also Known as the full DNS name or 
the fully qualified name) is miami.cities.dec.com, a reasonable alias might 
be miami or mi. 


An alias must be unique, and all other entries must be associated with the 
canonical name and not with the alias. Do not create an alias and then useit 
in other entries. A CNAME entry has the following format: 


aliases ttl addr-class entry-type can-name 


The fields in the CNAME entry have the values described in Section H.1, 
with the following exceptions: 


Field Description 


alias This field specifies the nickname (alias) of 
the canonical name of the host. 


can-name This is the canonical name of the host. If the 
canonical name is a part of the current domain, 
you need to specify only the host name, for 
example, miami. If the canonical name is for a 
host in another domain, you must specify the 
fully qualified DNS name, followed by a period 
(.). For example: ohio.state.dec.com. 


The following example shows two CNAME entries. The first entry is for a 
CNAME in the current domain, cities.dec.com; the second entry is for a 
CNAME in another domain: 


jaliases ttl addr-class entry-type can-name 
to IN CNAME toledo 
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oh IN CNAME ohio.state.dec.com. 


H.2.6 Host Information Entry 


The host information (HI NFO) data file entry is for host specific information. 
This entry lists the hardware and operating system that are running at 

the specified host system. Only a single space separates the name of the 
hardware from the operating system information. Thus, if you need to use 
spaces as part of a host or operating system name, you must place the name 
in quotation marks. In addition, there can be no more than one HINFO 
entry for each host on the domain. The following is the HINFO entry format: 


host ttl addr-class emtry-type hardware _ opsys 


The fields in the HINFO entry have the values described in Section H.1, 
with the following exceptions: 


Field Description 


host This field specifies the host name. If the host is 
in the current domain, you need to specify only 
the host, for example, chicago. If the host is ina 
different domain, you must specify the full DNS 
name, for example, utah.state.dec.com.. Be sure to 
include the period (.) at the end of the host name. 
This indicates the fully qualified DNS name. 


hardware This field specifies the type of CPU, for 
example, an AlphaServer 8400. 


opsys This field specifies the type of operating 
system running on the specified host. Its 
recommended setting is Tru64 UNIX for the 
Tru64 UNIX operating system. 


The following is an example of a HINFO entry: 


j;name ttl addr-class entry-type hardware opsys 
ohio.state.dec.com. IN HINFO "AlphaServer 
8400" "Tru64 UNIX" 


In this example, note that the second field specifying the ttl is blank, thus 
using the default ttl specified in the SOA entry. 


H.2.7 Mailbox Entry 


The mailbox (MB) entry lists the system where a user wants to receive mail. 
The following is the format of an MB entry: 


login ttl addr-class entry-type systen 


The fields in the MB entry have the values described in Section H.1, with 
the following exceptions: 
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Field Description 


login This field is the login name for a user. Login 
names must be unique for the domain. 


system This field specifies the name system where 
the user wants to receive mail. 


The following is an example of an MB entry: 


; login ttl addr-class entry-type system 
fred IN MB potsdam.cities.dec.com. 


In this example, note that the second field is blank, thus using the ttl 
specified in the SOA entry. Consequently, the user Fred will have mail 
delivered to the host named potsdam in the domain cities.dec.com. 


H.2.8 Mail Group Entry 


The mail group (MG) entry specifies the members of a mail group. The MG 
entry is usually used with a MINFO entry. The following is the format of 
an MG entry: 


group ttl addr-class_ emtry-type member 


The fields in the MG entry have the values described in Section H.1, with 
the following exceptions: 


Field Description 


group This field specifies the name of the mail group, 
for example, users or marketing. 


member This field specifies the login name and the domain 
of the user to be included in the mail group. 


The following is an example of a MINFO entry and several MG entries: 


; group ttl addr-class entry-type requests member 
fun IN MINFO BIND-REQUEST fred@miami.cities.dec.com. 
IN MG john@miami.cities.dec.com. 


amy@miami.cities.dec.com. 


In this example, note that the second field for all three entries is blank, thus 
using the ttl specified in the SOA entry. In addition, Fred, J ohn, and Amy 
will receive any mail sent to the mail group fun. 


H.2.9 Mailbox Information Entry 


The mailbox information (MINFO) entry creates a mail group for a mailing 
list. The MINFO entry is usually associated with a mail group (MG) entry, 

but can also be used with a mailbox (MB) entry. The following is the format 
of a MINFO entry: 
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mailbox ttl addr-class entry-type requests maintaine 


The fields in the MINFO entry have the values described in Section H.1, 
with the following exceptions: 


Field Description 


mailbox This field specifies the name of the mailbox, 
and its value is usually BIND. 


requests This field specifies the name where users can 
send mail relating to the DNS or mail. For 
example, a user might want to send a mail 
message requesting that an alias be set up. 


maintainer This field contains the login name of the 
person who will receive mail error messages. 
This is particularly useful when an error in 
member’s names needs to be reported to a 
person other than the sender. 


The following is an example of a MINFO entry: 


mailbox ttl addr-class entry-type requests maintainer 
BIND IN MINFO BIND-REQUEST 
fredemiami.cities.dec.com. 


In this example, note that the second field is blank, thus using the ttl 
specified in the SOA entry. 


H.2.10 Mail Rename Entry 


The mail rename (MR) entry lists aliases for a specific user. The following is 
the format of an MR entry: 


alias ttl addr-class etry-type login 


The fields in the MR entry have the values described in Section H.1, with 
the following exceptions: 


Field Description 


alias This field lists the nicknames for the specified 
user. The alias must be unique to the domain. 


login This field is the login name for the user 
whose alias is being established. There 
should also be a corresponding MB entry 
for the specified login name. Login names 
must be unique for the domain. 


The following is an example of an MR entry: 


jalias tEL addr-class entry-type login 
lady IN MR diana 
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H.2.11 


H.2.12 


princess IN MR diana 


This example shows how to set up the aliases lady and princess for a user 
whose login name is diana. Note that the second field is left blank, thus 
using the ttl specified in the SOA entry. 


Mail Exchanger Entry 


The mail exchanger (MX) entry specifies a system in the local domain (called 
a gateway) that knows how to deliver mail to a system that may not be 
directly connected to the local network. Consequently, the MX entry is useful 
for systems outside your local network that want to send mail toa user on 
one of your network’s hosts. 


You can also use the MX entry to list some of the hosts in the /etc/hosts 
file so that they do not appear to other systems using the DNS service. 


The following is the format of an MX entry: 
systen ttl addr-class emtry-type prd-value gateway 


The fields in the MX entry have the values described in Section H.1, with 
the following exceptions: 


Field Description 


system This field specifies the name of the system 
where mail is to be sent. 


pref-value This field specifies the order a mailer is to 
follow when there is more than one way to 
deliver mail to a given system. 


gateway This field contains the name of the gateway 
system, that is, the system that can deliver mail 
to the destination system on another network. 


The following is an example of two MX entries: 


;system ttl addr-class entry-type pref-value gateway 
tampa.cities.dec.com IN MX 0 seismo.cs.au. 
*.folks.dec.com IN MX 0 relay.cs.net. 


In this example, all mail destined for the domain folks.dec.com, regardless of 
the host name, is sent by route of the relay.cs.net host. In addition, note that 
the second field in both entries is blank, thus using the ttl specified in the 
SOA entry. The second entry uses an asterisk, which is a wildcard. 


Name Server Entry 


The name server (NS) entry specifies that a system is a name server for the 
specified domain. The following is the format of the NS entry: 
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name ttl addr-class entry-type server 


The fields in the NS entry have the values described in Section H.1, with the 
exception of the server field. This field specifies the name of the primary 
master server for the domain specified in the first field. 


The following is an example of an NS entry: 


j;name tel addr-class entry-type server 
IN NS utah.states.dec.com. 


H.2.13 Domain Name Pointer Entry 


The domain name pointer (PTR) entry allows special names to point to some 
other location in the domain. PTR names must be unique to the zone. These 
entries are located on a primary server inthefile /etc/namedb/hosts. rev. 
The following is the format of a PTR entry: 


re-addr ttl addr-class entry-type hostname 


The fields in the PTR entry have the values described in Section H.1, with 
the following exceptions: 


Field Description 


rev-addr This field specifies the reverse |P address of 
the host. For example, if the host’s address is 
128.11.22.33, the reverse address is 33.22.11.128. 


hostname This is the fully qualified DNS name of the host, 
for example, miami.cities.dec.com. Be sure to 
include the period (.) at the end of the host name 
if the host is not in the current domain. 


The following is an example of two PTR entries: 


;rev-addr tel addr-class entry-type hostname 
33.22 IN PTR chicago 
66.55.44.121.in-addr.arpa. IN PTR mail.peace.org. 


In this example, the first entry is for a host whose IP host address is 22.33 in 
the current domain. The specified rev.addr (33.22) is meaningful assuming 
that a Sorigin entry exists. See Section H.2.2 for a description of the 
Sorigin entry. If thereis not an Sorigin entry, then the entire IP address, 
in reverse, must be specified. 


The second entry is for a host in different domain (mail.peace.org.). As a 
rule, do not do this because you are putting data in your server’s cache for 
which your server is not authoritative. PTR entries and other resource 
records are for hosts in your domain only. The PTR entry sets up a reverse 
pointer for the host mail.peace.org. 
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H.2.14 Start of Authority Entry 


The start of authority (SOA) entry designates the beginning of a zone. There 
can be no more than one SOA entry per zone. The following is the format 
of an SOA entry: 


name ttl addr-class entry-type origin person serial# redresh_ reary\ 
expire min 


The forward slash (\ ) indicates line continuation. 


The fields in the SOA entry have the values described in Section H.1, with 
the following exceptions: 


Field Description 


origin This field is the name of the host on which the 
data file resides. This is usually a master server. 


person This field defines the login name and mailing 
address of the person responsible for the DNS 
running on the local domain. 


serial# This field specifies the version number of the data 
file. The person editing the master files for the 
zone must increment the value in this field each 
time a change is made to the data within the file. 
The serial number being changed informs the 
secondary servers that there is new data to be 
obtained from the master server. The maximum 
number is 232-1 after the decimal point. 
The serial number field allows the DNS to 
determine which of two copies of data files in a 
zone are more recent. Typically, the serial number 
field begins at one (1) and is incremented by one 
each time the original data file is modified. It is 
best to use whole integers. 


refresh This field specifies how often, in seconds, a 
secondary DNS server is to check with the master 
server to see if it needs to update its data files. 

If the data files are out of date (as indicated by 

a mismatch of serial number fields), they are 
updated with the contents of the master server’s 
files. 

The minimum refresh period is 30 seconds. If the 
refresh field is blank, however, the data file is not 
dynamically updated. 
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H.2.15 


Field Description 


retry This field specifies how often, in seconds, a 
secondary DNS server will try to refresh its 
data files after a refresh failure has occurred 
while making the check. If a DNS server 
attempts to refresh the files and fails, it tries 
to refresh them again every so many seconds, 
as specified in the retry field. 


expire This field specifies the upper limit, in seconds, 
that a secondary DNS server can use the data 
files in its cache before the data expires for lack of 
being updated, or before the DNS server checks 
to see if its cache needs to be updated. 


min This field specifies the default time to live, 
in seconds, that a data entry can exist in the 
event that the ttl entry is left blank. 


The following is an example of an SOA entry. The first line is a comment 
that shows the fields: 


j;name ttl addr-class entry-type origin person 
@ IN SOA utah.states.dec.com. hes.utah.states.dec.com. 
1 ; serial 
3600 ; vefresh every hr. 
300 ; retry every 5 min. 
3600000 ; expire in 1000 hrs. 
86400 ) ; min. life is 24 hrs. 


In this example note that the parentheses indicate to the DNS that this isa 
single entry. The ttl field is blank, indicating that the default time to live 
specified in the min field (86400 seconds) is being used. 


The semicolons allow comments for readability. |n the example, the serial 
field is 1, the refresh field is 3600 seconds (once per hour), the retry field is 
300 seconds (once per 5 minutes), the expire field is 3,600,000 seconds (1000 
hours), and the min field is 86400 seconds (24 hours). 


Well Known Services Entry 


The well known services (WKS) entry describes well known services 
supported by a particular protocol at a specified address. The services 
and port numbers are obtained from the list of services specified in the 
/etc/services file. The following is the format of a WKS entry: 


name ttl addr-class entry-type address protocol sevice 


The fields in the WKS entry have the values described in Section H.1, with 
the following exceptions: 
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( 


Field Description 


address This field specifies the IP address for each 
system. There can be only one WKS entry 
for each protocol at each address. 


protocol This field specifies the protocol to be used, 
for example TCP or UDP. 


Here is an example of two WKS entries: 


j;name ttl addr-class entry-type address protocol services 
IN WKS 128.32.0.4 UDP who route 
IN WKS 128.32.0.78 TCP (echo talk 


discard sunrpce sftp 
uucp-path netstat host 
systat daytime link 
auth time ftp 

nntp whois pop 

finger smtp supdup 
domain nameserver 
chargen) 


Note that the first and second fields of both entries in this example are blank, 
which indicates that they are using the domain name specified in a previous 
entry and the default ttl specified in the SOA entry. The services listed in 
the second entry are contained within parentheses and are thus interpreted 
as being one entry, even though they appear to be on several lines. 
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Numbers and Special 
Characters 


6bone 
address assignment, 3-10 
connecting to, 3-33 


A 


Access Control Lists 
(SeeACLs ) 

ACLs, 13-33 

acucap file, 6-31 

adapters 
( Seenetwork interfaces ) 

address 
and CIDR, 3-3 
assignment, 3-10 
for 6bone testing, 3-10 
IPv6, 3-2 
mapping to name, 3-9 
multicast, 3-7 
not autoconfigured, 15-20 
size, 3-2 
text representation, 3-2 
unicast, 3-4 

address autoconfiguration 
DHCPv6, 3-9 
stateful, 3-9 
stateless, 3-8 

address prefix, 3-8 
advertising on a link, 3-21 
advertising on a tunnel, 3-20 
advertising on tunnel, 3-20 
remote network, 3-21 

Address Resolution Protocol 


Index 


(SeeARP ) 
alias database 
administering and distributing 
alias information, 13-40 
aliases, 13-18, 13-40 


aliases file 
distributing for mail, 13-6 
entries, 10-15 
anonymous users, 10-14 
ARP 


specifying server ATM address, 
4-10 
specifying server IP address, 4-11 
specifying system role, 4-10 
arp command, 16-4 
ARP server 
and /etc/atmhosts file, 4-17 
ARP table 
and CLIP, 4-26 
creating entries, 4-26 
deleting entries, 4-26 
displaying for LANE, 4-27 
Asynchronous Transfer Mode 
(SeeATM ) 
ATM 
changing message level, 4-28 
configuring, 4-15 
configuring with CLIP, 4-17 
configuring with IP switching, 4-22 
configuring with LANE, 4-20 
disabling device driver, 4-26 
displaying network information, 
4-26 
enabling device driver, 4-26 
information required for 
configuration, 4-7 
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managing signaling, 4-26 
managing the environment, 4-25 
preparing for configuration, 4-7 
specifying ESIs, 4-8 
specifying flow control, 4-8 
specifying ILMI, 4-8 
specifying network layer, 4-8 
specifying signaling, 4-9 
specifying UNI version, 4-9 
specifying VC accounting, 4-9 
troubleshooting, 15-23 
verifying kernel options, 4-6 
verifying subsets are installed, 4-6 
ATM Configuration application, 4-15 
configuring CLIP, 4-19 
configuring IP switching, 4-23 
configuring LANE, 4-21 
atmarp command, 4-26 
atmconfig command, 4-26 
atmelan command, 4-27 
atmhosts file 
and ARP server, 4-17 
editing for CLIP, 4-17 
editing for LANE, 4-21 
atmifmp command, 4-27 
atmsig command, 4-26 
authentication 
and DNS, 8-6, 8-21 
and NTP, 12-6 
and PPP, 6-14 
authoritative server, 17-1 
auto.master map 
modifying, 9-27 
removing an NFS map, 9-28 
autofsd daemon 
and NIS, 10-2 
defined, 10-2 
error messages, D- 10 
invoking, 10-22 
maps 
( See automount maps ) 
mounting a remote file system, 
10-19 
autofsmount command 
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and string substitutions, B-5 

error messages, D- 10 

pattern matching, B-5 

using the ampersand, B-5 

using the asterisk, B-6 
automount command 

and string substitutions, B-5 

pattern matching, B-5 

using the ampersand, B-5 

using the asterisk, B-6 
automount daemon 

and NIS, 10-2 

defined, 10-2 

error messages, D-6 

invoking, 10-22 

maps 

( See automount maps ) 
mounting a remote file system, 
10-19 

starting with SysMan Menu, 10-9 
automount maps, 10-2, B-1 

administering locally, 10-2 

administering with NIS, 10-2 

and environment variables, B-6 

and the /var/yp/Makefile file, 9-12 

creating, B-1 

direct, B-2 

distributing with NIS, 9-12 

examples, B- 1 

indirect, B-3 

modifying the master map, 9-28 

replicated file systems, B-9 

specifying multiple mounts, B- 7 

specifying shared mounts, B-8 


Berkeley Internet Name Domain 
(SeeDNS ) 

BIND 
(SeeDNS ) 

binmail utility, 13-38 

BOOTP 
and DHCP, 5-20 


configuring a client, 5-19 
bound interactive service, 7-17 
broadcast address 

(See multicast address ) 
BSD devices 

LAT, 7-6 


Cc 


cable 
guidelines for use with modems, 
6-27 
null modem, 6-3 
caching-only server 
configuring for DNS, 8-15 
defined, 8-2 
calls 
initiating to remote hosts, 11-24 
CDSL, 1-9 
Challenge Authentication Protocol 
(See CHAP ) 
CHAP 
chap-secrets file, 6-14, 6-22 
use with PPP, 6-14 
chat script, 6-12 
CIDR, 3-3 
Classical | P 
(SeeCLIP ) 
Classless I nter-Domain Routing 
(SeeCIDR ) 
dient 
autofsd error messages, D- 10 


autofsmount error messages, D- 10 


automount error messages, D-6 
configuring for DNS, 8-20 
configuring for mail, 13-15 
configuring for NFS, 10-9 
configuring for NIS, 9-17 
configuring for NTP, 12-6 
deconfiguring for DNS, 8-29 
deconfiguring for NFS, 10-10 
delivering mail to, 13-5 


DHCP, 5-2 
DNS, 8-1, 8-3 
mail, 13-2 
monitoring DHCP, 5-18 
mounting a remote file system, 
10-17 
NFS, 10-1 
NFS error messages, D-2 
NFS management tasks, 10-17 
NIS, 9-1 
NIS management tasks, 9-31 
NTP, 12-2 
obtaining IP address for, 2-4 
unmounting a remote file system, 
10-24 
CLIP 
adding static routes, 4-20 
configuring LIS interfaces, 4-20 
configuring with ATM, 4-17 
description, 4-2 
editing /etc/atmhosts file, 4-17 
editing /etc/hosts file, 4-18 
planning configuration with ATM, 
4-9 
running ATM Configuration 
application, 4-19 
setting up PVCs, 4-19 
specifying remote host support, 
4-11 
troubleshooting, 15-25 
cloning 
installation and configuration, 1-9 
command 
netstat, 16-3 
ping, 16-2 
traceroute, 16-4 
command files (uucp), 11-21 
Compag Analyze, 16-9 
Compag Insight Manager, 1-7 
configuration cloning, 1-9 
configured tunnel 
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running RIPng, 3-20 
connection 
terminates abnormally (IPv6 host), 
15-14 
terminates abnormally (IPv6 
router), 15-22 
connection refused message 
IPv6 host, 15-14 
IPv6 router, 15-21 
connections 
configuring system for dial-in 
access, 6-28 
configuring system for dial-out 
access, 6-31 
LAT host-initiated, 7-13 
outgoing (LAT), 7-14 
terminating SLIP, 6-10 
Context-Dependent Symbolic Link 
(SeeCDSL ) 
counters 
Ethernet, A-1 
FDDI, A-6 
token ring, A- 20 
cron daemon 
log file, 11-23 
running the uudemon.admin script, 
11-18 
running the uudemon.cleanu script, 
11-20 
running the uudemon.hour script, 
11-24 
scheduling uucp jobs, 11-23 


D 

data files 
DNS, 8-5, 8-12, 8-30 
uucp, 11-21 

databases 
distributed by NIS, 9-2 

datagram 
displaying route through a network, 

16-4 


DECevent, 16-9 
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dedicated service, 7-17 
dedicated tty device on a terminal, 
7-18 
destination prefix, 3-21 
DHCP, 5-1 
and security, 5-3, 5-19 
configuration worksheet, 5-4, 5-8 
configuring a dient, 5-14 
configuring a server, 5-12 
disabling address assignment, 5-20 
identifying server during 
configuration, 2-4 
information required for 
configuration, 5-4 
joind daemon, 5-16 
mapping hardware addresses, 5-18 
monitoring clients, 5-18 
planning for configuration, 5-2 
specifying during network 
configuration, 2-4 
starting cients, 5-17 
starting servers, 5-16 
troubleshooting, 15-34 
xjoin, 5-12 
dial-in connections, 6-28 
PPP, 6-25 
SLIP, 6-8 
dial-out connections, 6-31 
PPP, 6-19 
SLIP, 6-9 
Dialcodes file, 11-8 
direct maps 
multiple mounts, B- 7 
directory 
( See file system ) 
DNS 
authoritative server, 17-1 
client, 8-3 
configuration files, 8-11 
configuration worksheet, 8-6 
configuring a caching-only server, 
8-15 
configuring a client, 8-20 


configuring a forward-only server, 
8-16 

configuring a master server, 8-9 

configuring a slave server, 8-13 

configuring a stub server, 8-18 

data file, H-1 

deconfiguring, 8-29 

determining the server type, 17-5 

domain for reverse lookup, 3-9 

enabling authentication, 8-6, 8-21 

enabling dynamic updates, 8-5, 
8-12, 8-21 

finding domain information, 17-8 

glossary of terms, 17-1 

information required for 
configuration, 8-6 

IPv6 data format, 3-9 

IPv6 record type, 3-9 

IPv6 server guidelines, 8-11 

make command, 8-31 

master file data types, 17-1 

MX data file entry, 8-32 

named.conf file, H-1 

nslookup command, 17-20 

resolving target data, 17-20 

resource records, 8-5, 8-12, 8-30, 
H-1 

sample configuration, 8-1 

server testing worksheet, 17-2 

servers, 8-1 

starting server testing, 17-3 

testing forwarders, 17-10 

testing master servers, 17-15 

testing servers, 17-1 

testing slave servers, 17-11 

tracing from the root name server, 
17-18 

troubleshooting, 15-37, 15-39 

updating server data files, 8-5, 
8-12, 8-30 


using domain-addresses for mail, 
13-5 
using mail exchanger entries, 13-5 
dohash utility, 13-25 
domain 
adding an NIS map, 9-26 
adding groups to NIS, 9-25 
adding users to NIS, 9-23 
finding DNS information, 17-8 
removing NIS map from, 9-27 
domain name 
DNS, 8-8 
NIS, 9-4 
Domain Name System 
(SeeDNS ) 
dropped packets, 2-35 
dtmail utility, 13-38 
Dynamic Host Configuration Protocol 
(See DHCP ) 
dynamic updates, 8-5, 8-12 


E 


ELAN 
and /etc/hosts file, 4-21 
configuring elan interfaces, 4-22 
specifying name, 4-12 
specifying number, 4-12 
emulated LAN 
(See ELAN ) 
end system 
definition, 4-1 
end system identifier 
(See ESI ) 
environment variables, B-6 
error log file 
viewing, 16-9 
error messages, 15-1 
( See also problem; 
troubleshooting ) 
mail, F-1 
NFS, D-1 
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UUCP, E-1 
ESI 
creating, 4-26 
destroying, 4-26 
specifying for ATM adapter, 4-8 
/etc files 
( Seefiles ) 
Ethernet 
configuration worksheet, 2-2 
configuring, 2-13 
counters, A-1 
information required for 
configuration, 2-2 
monitoring, A- 1 
Event Viewer 
viewing syslogd message files, 
16-10 
execute files (uucp), 11-21 
exporting file systems, 10-12 
exports file 
NFS access and, 10-14 
options, 10-14 
security and, 10-11 


F 


FDDI 
configuration worksheet, 2-2 
configuring, 2-13 
displaying information about, 2-30 
displaying parameters, 2-30 
information required for 
configuration, 2-2 
interface characteristics, A- 17 
interface counters, A-6 
interface status, A-9 
modifying parameters, 2-30 
monitoring, A-4 
using netstat to monitor, 2-30 
fddi_config command, 2-30 
Fiber Distributed Data | nterface 
(SeeFDDI ) 
file handle 
stale, 15-48 
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file system, 10-17 
( Seealso remote file system ) 
exporting, 10-12 
halting export of, 10-13 

file transfer 
monitoring, 16-9 

files 
acucap, 6-31 
aliases, 10-15, 13-6 
chap-secrets, 6-14, 6-22 
command (uucp), 11-21 
configuration worksheet, 2-9 
data (uucp), 11-21 
editing manually, 1-9 
execute (uucp), 11-21 
exporting, 10-12 
exports, 10-11, 10-14 
gated.conf, 2-9 
gateways, 2-8 
halting export of, 10-13 
hosts, 2-19 
hosts.equiv, 2-20 
ifaccess.conf, 2-29 
inittab, 7-9 
ip6rtrd.conf, 3-39 
latstartup.conf, 7-7 
log (uucp), 11-20 
Maxuuscheds, 11-23 
monitoring the transfer queue, 

11-16 
networks, 2-21 
options, 6-20, 6-26 
pap-secrets, 6-14, 6-21 
Poll, 11-25 
rc.config, 1-9, 2-24, 3-37 
remote, 6-32 
removing from the uucp queue, 
11-21 

routes, 2-19 
secrets, 6-21 
slhosts, 6-7 
svc.conf, 8- 


10, 
8-20, 8-30 


8-13, 8-16, 8-18, 
9-19 


, 


firewall, 13-3 
flow, 4-4 

displaying information about, 4-27 
format prefix 

defined, 3-8 
forward-only server 

configuring for DNS, 8-16 
forward-only server 

defined, 8-2 
forwarder, 17-1 


G 


gated daemon, 2-8 

configuring, 2-17 
gated.conf file, 2-9 
gateway 

and PPP, 6-26 

and SLIP, 6-8 
gateways file, 2-8 
group file 

and NIS, 9-25 
group map, 9-25 


H 


host name 
configuring network interface, 2-4 
obtaining with DNS, 8-31 
Host Resources MIB, G-1 
hosts database 
distributing, 10-1 
hosts file 
and ELAN hosts, 4-21 
configuring, 2-19 
defined, 2-11 
editing for CLIP, 4-18 
editing for IP switching, 4-23 
editing for LANE, 4-21 
hosts.equiv file 
configuring, 2-20 
defined, 2-12 


host, 15-10 
( Seealso node ) 
adding to the mail environment, 

13-18 

configuring for |Pv6, 3-29 
creating lists for DHCP, 5-13 
IPv6 configuration variables, 3-37 
obtaining IP information, 8-31 
static routes, 3-19 
testing Internet access, 16-2 
unknown (IPv6 host), 15-10 

host is unreachable message 
off-link node (IP v6 host), 15-13 
off-link node (IP v6 router), 15-19 
on-link node (IP v6 host), 15-11 
on-link node (IP v6 router), 15-17 


ICMP messages, 16-6 
ifaccess.conf file, 2-29 
ifconfig command 
adding an IPv6 address, 3-35 
assigning an IPv6 interface ID, 
3-34 
deleting an |Pv6 address, 3-36 
enabling access filtering with, 2-29 
initializing an IPv6 interface, 3-34 
removing an I Pv6 interface, 3-35 
ILMI 
specifying for ATM adapter, 4-8 
IMAP, 13-24 
ACLs, 13-33 
administrative tools, 13-28 
configuring user accounts, 13-25 
directory structure, 13-29 
dohash utility, 13-25 
installing, 13-24 
mailbox names, 13-32 
mailusradm utility, 13-25, 13-27 
migrating from UNIX and POP3, 
13-27 
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Netscape Messenger, 13-38 
partitions, 13-37 
quotas, 13-35 
troubleshooting, 15-73 
upgrading from previous versions, 
13-25 
inittab file 
customizing for LAT, 7-9 
Insight Manager, 1-7 
installation cloning, 1-9 
Integrated Layer Management 
Interface 
(SeelLMI ) 
interface ID 
and unicast address, 3-4 
assigning to |Pvé6 interface, 3-34 
interfaces 
( Seenetwork interfaces ) 
Internet 
monitoring server ports, 10-16 
selecting NTP servers, 12-4 
Internet Address Verification 
adding, 10-8 
Internet Message Access Protocol 
(SeeIMAP ) 
Internet Protocol address 
(SeelP address ) 
Internet Protocol Version 6 
(See IPv6 ) 
Internet to MAC address translation 
tables, 16-4 
InterNIC Registration Services 
and IP address, 2-4 
IP address 


and InterNIC Registration Services, 


2-4 
and network numbers, 2-6 
configuring for DHCP, 5-13 
obtaining, 2-4 
obtaining using DNS, 8-31 
IP aliases, 2-21 
IP MTU size, 2-35 
IP router 
configuring system as, 2-18 
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defined, 2-9 
requirements, 2-18 
IP switching 
adding routes, 4-25 
characteristics, 4-4 
configuring ips interfaces, 4-25 
configuring with ATM, 4-22 
disabling, 4-27 
displaying statistics, 4-27 
editing /etc/hosts file, 4-23 
enabling, 4-27 
managing, 4-27 
planning configuration with ATM, 
4-13 
running ATM Configuration 
application, 4-23 
troubleshooting, 15-31 
ip6_setup utility 
configuring a host, 3-29 
configuring a router, 3-30 
ip6rtrd daemon 
log file, 3-40 
logging debug information, 3-41 
not running, 15-16 
ip6rtrd.conf file, 3-39 
ips 
configuring interfaces, 4-25 
ijptunnel command, 3-35 
IPv4 address 
and configured tunnel, 3-20 
|Pv4-compatible |Pv6 address, 3-5 
|Pv4-mapped | Pv6 address, 3-5 
IPv6 
6bone network, 3-33 
address autoconfiguration, 3-8 
addressing, 3-2 
configuration worksheet, 3-17 
configuring a host, 3-29 
configuring a router, 3-30 
configuring support in kernel, 3-37 
creating a configured tunnel, 3-35 
editing rc.config file for, 3-37 
enabling DNS dynamic updates, 
8-21 


information required for 
configuration, 3-17 
initializing on an interface, 3-34 
planning, 3-16 
removing from an interface, 3-35 
sample configurations, 3-22 
support required in kernel, 3-16 
supported commands, 3-12 
supported interfaces, 3-12 
terms, 3-2 
troubleshooting, 15-8 
types of addresses, 3-3 
IPv6 subsystem 
tuning, 3-40 
ipv6forwarding attribute, 3-37 
ipv6router attribute, 3-37 


J 


jobs 
cleaning up undelivered, 11-21 
monitoring status, 11-17 
scheduling UUCP, 11-23 

joind daemon, 5-16 


K 


kernel 
configuring ATM in, 4-6 
configuring | Pv6 routing in, 3-37 
configuring PPP in, 6-16 


L 


LAN 
running RIPng, 3-21 
LAN emulation 
(SeeLANE ) 
LAN Emulation Configuration Server 
(SeeLECS ) 
LAN Emulation Server 
(SeeLES ) 


LANE 


changing message level, 4-28 
characteristics, 4-3 
configuring elan interfaces, 4-22 
configuring with ATM, 4-20 
displaying ARP table, 4-27 
editing /etc/atmhosts file, 4-21 
editing /etc/hosts file, 4-21 
managing the environment, 4-27 
planning configuration with ATM, 
4-11 
running ATM Configuration 
application, 4-21 
troubleshooting, 15-28 


LAT 


adding devices, 7-6 

and NetRAIN, 7-7 

automatic startup and shutdown, 
7-5, 7-7 

configuration worksheet, 7-5 

configuring kernel for, 7-4 

configuring multiple network 
adapters, 7-10 

configuring with latsetup, 7-6 

connections, 7-2 

controlling access, 7-3 

creating a startup file, 7-7 

creating your own service, 7-17 

customizing the inittab file, 7-9 

dedicated tty device on a terminal, 
7-18 

defining LAT/Telnet service, 7-16 

defining port names, 7-12 

defining server names, 7-12 

devices, 7-6 

gateway service, 7-15 

host-initiated connection, 7-13 

information required for 
configuration, 7-5 

LAN service, 7-17 

latsetup command, 7-6 
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line disciplines, 7-14 
load balancing, 7-4 
outgoing connections, 7-14 
password protection, 7-4 
planning for configuration, 7-4 
printer hardware characteristics, 
7-11 
printer setup, 7-10 
program interface, 7-14 
sample configurations, 7-1 
server node, 7-1 
service node, 7-1 
service node groups, 7-3 
services, 7-17 
setup, 7-6 
starting and stopping, 7-7 
terminal server port settings, 7-11 
testing printer settings, 7-12 
testing printer setup, 7-13 
troubleshooting, 15-64 
user-created LAN service, 7-17 
verifying DLB support, 7-4 
LAT/Telnet gateway, 7-15 
setup, 7-16 
startup, 7-16 
latsetup command, 7-6 
latstartup.conf file, 7-7 
learp command, 4-27 
LECS 
configuring, 4-27 
creating, 4-27 
displaying status, 4-27 
specifying ATM address, 4-13 
LES 
and /etc/atmhosts file, 4-21 
specifying ATM address, 4-13 
line disciplines, 7-14 
link-local address, 3-6 
LIS 
configuring lis interfaces, 4-20 
creating, 4-26 
definition, 4-2 
specifying numbers, 4-10 
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load balancing 
LAT, 7-4 
Local Area Transport 
(SeeLAT ) 
local host 
obtaining NTP status from, 12-9 
local node 
not reachable (IPv6 host), 15-14 
not reachable (IPv6 router), 15-21 
log files, 11-22, 16-10 
( See also messages ) 
UUCP, 11-20, 11-22 
loopback address, 3-5 


mail 

adding a host, 13-18 

administering aliases, 13-40 

aliasing root, 10-14 

and DECnet, 13-6 

and firewalls, 13-3 

archiving the mail queue, 13-39 

binmail, 13-38 

changing aliases database, 13-40 

configuration worksheet, 13-9 

configuring a client, 13-15 

configuring a server, 13-16 

configuring a standalone system, 
13-14 

delivering to clients, 13-5 

displaying statistics, 13-42 

distributing the aliases file, 13-6 

distributing the passwd file, 13-6 

domain-based addresses, 13-5 

dtmail utility, 13-38 

error messages, F-1 

gateway, 13-4 

IMAP, 13-24 

information required for 
configuration, 13-9 

mailg command, 13-39 

mailstats command, 13-42 


mailusradm utility, 13-21, 13-25, 
13-27 
mailx utility, 13-38 
message handler (mh) utility, 
13-38 
monitoring the queue, 13-39 
Netscape Messenger, 13-38 
planning, 13-8 
POP, 13-18 
required protocols, 13-8 
sample configurations, 13-1 
sending to remote superusers, 
10-14 
sendmail utility, 13-38 
statistics file, 13-42 
system roles, 13-1 
troubleshooting, 15-71, 15-73 
using DNS MX records, 13-5 
utilities, 13-38 
mail aliases 
distributing, 13-40 
Mail Configuration application, 
13-13 
mail host, 13-18 
mail utility, 13-38 
mailconfig application, 13-13 
mailg command, 13-39 
mailstats command, 13-42 
mailusradm utility, 13-21, 13-25, 
13-27 
mailx utility, 13-38 
make command 
and DNS, 8-31 
makedbm command 
building a new NIS map, 9-21 
showing contents of NIS map, 9-22 
Makefile 
editing for NIS, 9-26 
modifying for NIS, 9-28 
map 
( See NIS map, automount 
maps ) 


master server 
configuring for DNS, 8-9 
configuring for NIS, 9-11 
defined for DNS, 8-1 
defined for NIS, 9-1 
Maxuuscheds file, 11-23 
message handler (mh), 13-38 
messages 
ATM subsystem, 4-28 
autofsd, D- 10 
autofsmount, D-10 
automount, D-6 
console, D-14 
IPv6, 3-40 
mail, F-1 
NFS client, D-2 
NFS server, D-1 
not forwarded, 15-20 
tip, E-8 
UUCP, E-1 
MIB 
Host Resources, G-1 
Microsoft Challenge Authentication 
Protocol 
(SeeMS-CHAP ) 
Microsoft NT RAS server, 6-23 
configuring, 6-24 
solving CHAP authentication 
problems, 6-25 
modem 
and acucap file, 6-31 
cable guidelines, 6-27 
commands for dial-in access, 6-29 
commands for dial-out access, 6-9 
guidelines, 6-15, 6-27 
using with SLIP, 6-3 
using with UUCP, 11-3, 11-12 
mountd daemon 
options, 10-11 
mounting remote file systems, 10-17 
MS-CHAP 
use with PPP, 6-14 
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MTU 
specifying size, 4-13 
multicast address 
defined, 3-7 
group, 3-7 
transient, 3-7 
well-known, 3-7 
multicast addresses 
well-known, 3-8 
multiple mount, B-7 
MX records, 13-5 


N 


name 
mapping to address, 3-9 
named.conf file 
and IPv6 server, 8-12 
nameserver record, 17-1 
nd6hostd daemon 
log file, 3-40 
logging debug information, 3-40 
netconfig application, 2-12 
NetRAIN 
and LAT, 2-23 
and MAC address licensing, 2-23 
configuration worksheet, 2-2 
configuring an interface, 2-24 
hardware restrictions, 2-22 
monitoring the interface, 2-27 
set members, 2-6 
netstat command, 2-29, 16-3, A-1 
network adapters 
( Seenetwork interfaces ) 
network data structures 
displaying with the netstat 
command, 2-29 
Network File System 
(SeeNFS ) 
network groups 
and NFS, 10-6 
Network | nformation Center 
( SeelnterNIC Registration 
Services ) 
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Network Information Service 
(SeeNIS ) 
network interfaces, 2-1 
adding an IPv6 address to, 3-35 
and LAT configuration, 7-10 
assigning |Pv61Ds, 3-34 
configuring, 2-13 
configuring multiple for failover, 
2-22 
controlling access, 2-29 
deconfiguring, 2-15 
deleting an |Pv6 address from, 
3-36 
displaying packet headers on, 16-7 
information required for 
configuration, 2-2, 4-7 
initializing for |Pv6, 3-34 
managing, 2-21 
monitoring, 2-27, 2-29, A-1 
multiple in same subnetwork, 
2-21, 2-27 
NetRAIN, 2-6, 2-22 
removing | Pv6 from, 3-35 
token ring, 2-6 
types of, 2-3 
network is unreachable message 
off-link node (IP v6 host), 15-13 
off-link node (IPv6 router), 15-19 
on-link node (IP v6 host), 15-11 
on-link node (IP v6 router), 15-17 
network mask 
( Seesubnet mask ) 
network problems, 15-1 
( See also problem; 
troubleshooting ) 
gathering information, 18-1 
reporting, 18-1 
tools for solving, 16-1 
Network Setup Wizard, 1-5 
Network Time Protocol 
(SeeNTP ) 
networks file 
configuring, 2-21 


defined, 2-12 
NFS 

allowing client superuser access, 
10-13 

and BIND, 10-1 

and NIS, 10-1 

and superuser mail, 10-14 

and the hosts database, 10-1 

and UIDs on remotely mounted file 
systems, 10-7 

autofsd, 10-2 

automount, 10-2 

dient, 10-1 

client error messages, D-2 

client management tasks, 10-17 

configuration worksheet, 10-3 

configuring cients, 10-9 

configuring servers, 10-8 

console error messages, D- 14 

deconfiguring, 10-10 

error messages, D-1 

exporting file systems, 10-12 

halting export of file systems, 
10-13 

improving file security, 10-11 

information required for 
configuration, 10-3 

monitoring server ports, 10-16 

monitoring system load, 10-16 

mountd daemon, 10-11 

mounting a remote file system, 
10-17 

nfsd daemons, 10-4 

nfsiod daemon, 10-6 

nfsstat command, 10-16 

server, 10-1 

server daemons, 10-4 

server error messages, D-1 

server management tasks, 10-11 

troubleshooting, 15-47, 15-50 


unmounting a remote file system, 
10-24 
nfsconfig application, 10-8 
nfsstat command, 10-16 
NIC whois service 
( See whois service ) 
NIS 
adding a slaveserver, 9-20, C-1 
adding groups toa domain, 9-25 
adding users toa domain, 9-23 
administering automount and 
autofsd maps, 10-2 
aliases database, 13-6 
and sendmail, 13-41 
changing a password, 9-31 
dient, 9-1 
configuration, 9-10 
configuration worksheet, 9-3 
configuring a client, 9-17 
configuring a master server, 9-11 
configuring a slave server, 9-15 
databases distributed by, 9-2 
distributing automount and autofsd 
maps, 9-12 
information required for 
configuration, 9-3 
managing a dient, 9-31 
managing a server, 9-20 
modifying, 9-20 
modifying svc.conf, 9-19 
modifying the Makefile, 9-28 
obtaining map information, 9-31 
removing, 9-20 
removing a slave server, 9-22, C-2 
sample configuration, 9-1 
security, 9-6, 9-7, 9-9, 9-29 
server types, 9-1 
server update scripts, C-1 
troubleshooting, 15-40, 15-44 
updating maps, 9-25 
Yellow Pages, 9-1 
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NIS map 
adding to a domain, 9-26 
distributing, 9-26 
modifying the automount master, 
9-28 
obtaining information from, 9-31 
removing from a domain, 9-27 
updating, 9-25 
nissetup command, 9-10 
node, 15-11, 15-14, 15-21 
( Seealso local node; off-link 
node; on-link node ) 
defined, 3-2 
nr interface, 2-22 
NS record, 17-1 
nslookup command, 8-31 
obtaining host information, 8-31 
obtaining IP information, 8-31 
solving problems using, 17-20 
NTP 
and system security, 12-7 
authentication, 12-6 
dient, 12-2 
configuration worksheet, 12-3 
configuring, 12-6 
displaying status, 12-9 
displaying xntpd status, 12-8 
information required for 
configuration, 12-3 
Internet time servers, 12-4 
ntpq command, 12-8 
reference dock, 12-4 
sample configurations, 12-2 
server, 12-2 
troubleshooting, 15-56 
xntpdc command, 12-9 
ntp command, 12-10 
ntpdate command, 12-10 
ntpq command, 12-8 
ntpsetup command, 12-6 
null modem cable, 6-3 
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O 


off-link node 
unreachable (IP v6 host), 15-13 
unreachable (IP v6 router), 15-19 
on-link node 
cannot autoconfigure addresses, 
15-20 
not reachable (IPv6 host), 15-11 
not reachable (IPv6 router), 15-17 
onlink prefix 
adding a route for, 3-36 
optional service, 7-17 
options file, 6-20, 6-26 
outgoing connections, 7-14 


P 


packets 
dropped by bridges, 2-35 
rejected by remote hosts, 2-35 
PAP 
use with PPP, 6-14 
pap-secrets file, 6-14, 6-21 
passwd file 
and NIS, 9-23 
distributing for mail, 13-6 
passwd map, 9-23 
password 
changing for root, 9-31 
changing in NIS, 9-31 
Password Authentication Protocol 
(SeePAP ) 
password protection 
LAT, 7-4 
pattern matching 
substitutions, B-5 
PC-NFS daemon, 10-8 
performance 
tuning, 3-40 
permanent virtual circuit 
(SeePVC ) 
ping command, 16-2 
Point-to-Point Protocol 


(SeePPP ) guidelines for running, 6-23 


Poll file, 11-25 options, 6-13, 6-18 
configuration, 11-15 printer 

POP, 13-18 using with LAT, 7-10 
administrative tools, 13-22 printer setup 
authentication, 13-21 LAT, 7-11 
directory structure, 13-23 testing, 7-13 
dtmail utility, 13-38 problem 


installing, 13-18 

mailusradm utility, 13-21, 13-27 

mh utility, 13-38 

migrating from MH POP3, 13-19 

migrating from Qualcomm POP3, 
13-20 

Netscape Messenger, 13-38 

troubleshooting, 15-73 

port monitoring, 10-16 


Post Office Protocol 


(SeePOP ) 


PPP, 6-11 


( Seealso SLIP ) 

and gateways, 6-26 

chap-secrets file, 6-14, 6-22 

chat script, 6-12 

configuration worksheet, 6-16 

configuring dial-in system, 6-25 

configuring dial-out system, 6-19 

connection guidelines, 6-27 

guidelines for running pppd, 6-23 

information required for 
configuration, 6-15 

Microsoft NT RAS server, 6-23 

options file, 6-20, 6-26 

pap-secrets file, 6-14, 6-21 

sample configurations, 6-11 

security, 6-14 

terminating a connection, 6-27 

troubleshooting, 15-62 


PPP link 


running RIPng, 3-21 


pppd daemon 


connection refused, 15-14, 15-21 

connection terminates abnormally, 
15-14, 15-22 

connection timed out, 15-7 

host is unreachable, 15-6 

network daemon not running, 15-5 

network is unreachable, 15-5 

network software not configured, 
15-4 

off-link node is unreachable, 
15-13, 15-19 

on-link node not reachable, 15-11, 
15-17 

on-link node cannot autoconfigure 
addresses, 15-20 

remote host is unknown, 15-5, 
15-10, 15-16 

router daemon not running, 15-16 

router not forwarding messages, 
15-20 

your node not reachable, 15-14, 
15-21 


problem solving, 15-1 


( Seealso troubleshooting ) 
diagnostic map, 15-1 
tools, 16-1 


processes 


limiting number of (UUCP), 11-23 


protocols 


required for mail, 13-8 


PVC 


configuring for CLIP, 4-19 
creating, 4-26 
destroying, 4-26 
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verifying creation, 4-20 


Q 


QoS 
defined, 2-35 
quality of service 
(See QoS ) 
queue 
checking UUCP, 11-18 
mail, 13-39 
transfer, 11-16 
Quick Setup, 1-3 


R 


rc.config file 
autofsd daemon, 10-21, 10-23 
automount daemon, 10-23 
editing with rcmgr utility, 1-9 
IPv6 variables, 3-37 
NetRAIN, 2-24 
reference clock 
defined, 12-4 
rejected packets, 2-35 
remote command execution 
UUCP, 11-1 
remote file, 6-28, 6-32 
remote file system, 10-17 
( Seealso file system ) 
mounting automatically, 10-19 
mounting statically, 10-17 
unmounting, 10-24 
remote host 
( See host ) 
initiating UUCP calls to, 11-24 
obtaining NTP status from, 12-9 
polling, 11-25 
unknown (IP v6 router), 15-16 
remote mount error messages, D-3 
remote node 
connection refused (IPv6 host), 
15-14 
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connection refused (1Pv6 router), 
15-21 
replicated file systems, B-9 
resource record, 3-9 
data file, 8-5, 8-12, 8-30 
Resource ReSerVation Protocol 
(SeeRSVP ) 
RIPng 
running on a PPP link, 3-21 
running on atunnel, 3-20 
root name server 
using to trace DNS information, 
17-18 
root password 
changing, 9-31 
route 
adding for an onlink prefix, 3-36 
static, 2-10, 2-19, 3-19, 3-21, 
3-35 
route command 
adding a router (IPv6), 3-36 
deleting a router (IP v6), 3-36 
routed daemon, 2-7 
configuring, 2-16 
defined, 2-7 
router 
adding default for |Pv6, 3-36 
configuring for |Pv6, 3-30 
configuring kernel support for | Pv6, 
3-37 
daemon not running, 15-16 
deleting default for |Pv6, 3-36 
editing the | Pv6 configuration file, 
3-39 
IPv6 configuration variables, 3-37 
not forwarding messages, 15-20 
static routes, 3-19 
router advertisements 
purpose, 3-39 
routes 
exchanging through a tunnel, 3-20 
exchanging with other routers, 
3-21 
routes file 


configuring, 2-19 
defined, 2-10 
routing, 2-10 
dynamic, 2-7 
source, 2-32 
static, 2-10, 2-19 
RSVP 
defined, 2-35 
managing, 2-36 
starting, 2-37 
stopping, 2-37 
rwhod daemon, 2-6 
configuring, 2-15 
defined, 2-6 


S 


script 
addypserver, C-1 
rmypserver, C-2 
uudemon.admin, 11-17 
uudemon.cleanu, 11-20, 11-22 
uudemon.hour, 11-24 
uudemon.poll, 11-25 
SDH 
specifying for ATM adapter, 4-8 
secrets files, 6-21 
security 
and DHCP, 5-3, 5-19 
and DNS, 8-6, 8-21 
and NIS, 9-6, 9-7, 9-9 
and NTP, 12-6 
and PPP, 6-14 
and xntpd, 12-7 
controlling access to interfaces, 
2-29 
exports file and, 10-11 
firewall, 13-3 
NIS and, 9-29 
preventing access to files, 10-13 
sendmail, 13-38 


aliases file, 13-40 
troubleshooting, 15-71 


Serial Line | nternet Protocol 


(SeeSLIP ) 


server, 9-1 


( Seealso master server; slave 
server ) 

authoritative, 17-1 

configuring an NIS master, 9-11 

configuring an NIS slave, 9-15 

configuring for DHCP, 5-12 

configuring for DNS, 8-9, 8-13, 
8-15, 8-18 

configuring for mail, 13-16 

configuring for NFS, 10-8 

configuring for NTP, 12-6 

deconfiguring for DNS, 8-29 

deconfiguring for NFS, 10-10 

DHCP, 5-2 

DNS, 8-1 

DNS testing, 17-1 

exporting file systems, 10-12 

halting export of file systems, 
10-13 

LAT, 7-1 

mail, 13-2 

NFS, 10-1 

NFS daemons, 10-4 

NFS error messages, D-1 

NFS management tasks, 10-11 

NIS, 9-1 

NIS management tasks, 9-20 

NTP, 12-2 

obtaining IP address from, 2-4 

querying time, 12-10 

updating files on (DNS), 8-5, 8-12, 
8-30 


service 


quality of, 2-35 


shared mounts, B-8 
Simple Network Management Protocol 
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(SeeSNMP ) 
site local address, 3-6 
slave server 
adding to an NIS domain, 9-20 
configuring for DNS, 8-13 
configuring for NIS, 9-15 
defined for DNS, 8-2 
defined for NIS, 9-1 
removing from an NIS domain, 
9-22 
script for adding to an NIS domain, 
C-1 
script for removing from an NIS 
domain, C-2 
slhosts file, 6-7 
SLIP, 6-1 
(Seealso PPP ) 
and gateways, 6-8 
configuration worksheet, 6-4 
configuring dial-in system, 6-8 
configuring dial-out system, 6-9 
information required for 
configuration, 6-4 
IP address, 6-5 
modem guidelines, 6-3 
planning for configuration, 6-2 
sample configurations, 6-1 
startslip command, 6-5 
terminating a connection, 6-10 
troubleshooting, 15-59 
SNAP 
specifying default VCI, 4-15 
SNMP 
configuring, 14-1 
described, 14-1 
Host Resources MIB, G-1 
SOA record, 17-2 
SONET 
specifying for ATM adapter, 4-8 
source routing, 2-32 
( Seealso token ring ) 
spooling directories, 11-18 
cleaning up manually, 11-19 
scheduling work in, 11-23 
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UUCP, 11-18 
srconfig command, 2-32 
stale file handle, 15-48 
start of authority record 
(SeeSOA record ) 
startppp command 
use for dial-in connections, 6-26 
startslip command, 6-5 
invoking subcommands from script 
file, 6-10 
subcommands, 6-5 
use for dial-in connections, 6-8 
static routes, 2-10, 2-19, 3-19, 
3-35 
string substitutions 
automount and autofsmount 
commands, B-5 
stub server 
configuring for DNS, 8-18 
defined, 8-2 
subnet mask, 2-5 
and network class, 2-6 
defined, 2-5 
for 1P switching, 4-5 
subnetwork 
and DHCP, 5-14 
multiple interfaces in, 2-21, 2-27 
Subnetwork Attachment Point 
(See SNAP ) 
sulog file 
and UUCP, 11-22 
superuser 
access privileges, 10-13 
allowing NFS access, 10-13 
and mail, 10-14 
log of command usage, 11-22 
remote superuser, 10-14 
SVC 
destroying, 4-26 
svc.conf file 
modifying for DNS, 8-10, 8-13, 
8-15, 8-18, 8-20 
modifying with svcsetup command, 
8-30, 9-19 


svcsetup command, 8-30, 9-19 
SVR4 devices 
LAT, 7-6 
switch 
definition, 4-1 
Synchronous Data Hierarchy 
(SeeSDH ) 
Synchronous Optical Network 
(SeeSONET ) 
syslogd daemon, 16-10 
( See also messages ) 
SysMan Menu, 1-2 
adding groups to NIS, 9-25 
adding users toNIS, 9-23 
configuring ATM, 4-15 
configuring DNS caching-only 
server, 8-15 
configuring DNS dient, 8-20 
configuring DNS forward-only 
server, 8-16 
configuring DNS master server, 
8-9 


configuring DNS slave server, 8-13 


configuring DNS stub server, 8-18 

configuring IP router, 2-18 

configuring LAT, 7-6 

configuring NFS dient, 10-9 

configuring NFS server, 10-8 

configuring NIS client, 9-17 

configuring NIS master server, 
9-11 

configuring NIS slave server, 9-15 

configuring NTP, 12-6 

creating PPP options file, 6-20, 
6-26 

deconfiguring DNS, 8-29 

deconfiguring network interfaces, 
2-15 

deconfiguring NFS, 10-10 

exporting file systems, 10-12 

halting export of file systems, 
10-13 


invoking, 1-2 
modifying PPP chap-secrets file, 
6-22 
modifying PPP pap-secrets file, 
6-21 
mounting a remote file system, 
10-17 
Network Setup Wizard, 1-5 
Quick Setup, 1-2, 1-3 
setting up gate daemon, 2-17 
setting up hosts file, 2-19 
setting up hosts.equiv file, 2-20 
setting up network interfaces, 2-13 
setting up networks file, 2-21 
setting up route daemon, 2-16 
setting up rwho daemon, 2-15 
setting up static routes file, 2-19 
unmounting a remote file system, 
10-24 
viewing syslogd message files, 
16-10 
system load 
NFS and, 10-16 
system log files 
( See log files ) 
system security 
( See security ) 
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TCP server daemon, 10-4 
tcpdump command, 16-7 
time 
querying, 12-10 
time servers 
Internet network, 12-4 
timeout message 
off-link node (IPv6 host), 15-13 
off-link node (IPv6 router), 15-19 
on-link node (IP v6 host), 15-11 
on-link node (IPv6 router), 15-17 
tip command, 6-19, 6-28 
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error messages, E-8 IPv6 subsystem, 3-40 


token ring tunnel 

adapter speed, 2-6 automatic, 3-19 

configuration worksheet, 2-2 configured, 3-19 

configuring, 2-13 creating, 3-35 

counters, A- 20 specifying during configuration, 

displaying IP MTU size, 2-35 3-21 

host information, A-23 to 6bone, 3-33 

information required for 

configuration, 2-2 U 

IP MTU size, 2-35 

modifying 1P MTU size, 2-35 UDP server daemon, 10-4 

monitoring, A- 19 uerf command, 16-9 

source routing, 2-32 unbound interactive service, 7-17 

using netstat to monitor, 2-30 UNI 
traceroute command, 16-4 version number for ATM adapter, 
traffic control, 2-36 4-9 
transfer queue unicast address 

guidelines for checking, 11-18 defined, 3-4 

monitoring automatically, 11-17 |Pv4-compatible | Pv6 address, 3-5 

monitoring manually, 11-17 |Pv4-mapped I Pv6 address, 3-5 
troubleshooting, 15-1 link-local address, 3-6 

ATM, 15-23 loopback address, 3-5 

CLIP, 15-25 site local address, 3-6 

DHCP, 15-34 unspecified address, 3-5 

DNS dient, 15-39 UNIX-to-UNIX Copy Program 

DNS server, 15-37 (SeeUUCP ) 

IMAP, 15-73 unknown host message 

IP switching, 15-31 |Pv6 host, 15-10 

IPv6, 15-8 IPv6 router, 15-16 

LANE, 15-28 unspecified address, 3-5 

LAT, 15-64 User-Network Interface 

mail, 15-71, 15-73, F-1 (SeeUNI ) 

NFS dient, 15-50, D-1 uucico command, 11-15 

NFS server, 15-47, D-1 uudeanup command 

NIS dient, 15-44 and uudemon.cleanu script, 11-20 

NIS server, 15-40 HEE ; ; : ; 

NTP, 15-56 cleaning spooling directories, 11-18 

POP, 15-73 cleaning up log files, 11-20 

PPP. 15-62 cleaning up undelivered jobs, 

: 11-21 

SLIP, 15-59 : ‘ 

UUCP, 15-53, E-1 configuration worksheet, 11-3, 
tuning 11-6, 11-9 


configuring, 11-12 
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configuring hardwired connections, 
11-12 

configuring incoming systems, 
11-14 

configuring modems, 11-12 

configuring outgoing systems, 
11-13 

configuring TCP/IP, 11-12 

error messages, E-1 

flow control, 11-15 

hardwired connections, 11-3, 
11-12 

HoneyDanBer version, 11-1 

incoming systems, 11-9 

information required for 
configuration, 11-3 

information required for 
connections, 11-3 

initiating calls to remote hosts, 
11-24 

limiting remote executions, 11-23 

log files, 11-21 

modems, 11-3, 11-12 

monitoring a file transfer, 16-9 

monitoring the transfer queue, 
11-16, 11-17 

outgoing systems, 11-6 

Poll file configuration, 11-15 

polling remote hosts, 11-25 

required hardware, 11-2 

sample configurations, 11-1 

scheduling jobs, 11-23 

TCP/IP connections, 11-3, 11-12 

testing a remote connection, 16-7 

troubleshooting, 15-53 

uusched command, 11-23 

uucpsetup command, 11-12 

uudemon.admin script, 11-17 

monitoring uucp status, 11-17 

running, 11-18 

uudemon.cleanu script, 11-20 


and log files, 11-22 
and uucleanup command, 11-20 
running, 11-20 


uudemon.hour script, 11-23 


and uudemon.poll script, 11-25 
running, 11-24 


uudemon.poll script, 11-25 


and uudemon.hour script, 11-25 


uulog command, 11-22 
uusched command, 11-23 
uustat command, 11-17 
uutry command, 16-7 
uuxqt 


V 


limiting number of processes, 
11-23 


variables 


environment, B-6 


vc 


accounting for ATM adapter, 4-9 
monitoring, 4-26 


VCcl 


specifying for PVC, 4-11 


virtual channel identifier 


(SeeVCl ) 


virtual drcuit 


(SeeVC ) 


virtual path identifier 


(SeeVPI ) 


VPI 


W 


specifying for PVC, 4-11 


well-known multicast addresses, 3-8 
whois command, 8-32 
whois service 


using, 8-32 
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X 


xjoin command, 5-12 

xntpd daemon, 12-1 
(Seealso NTP ) 
and system security, 12-7 
monitoring hosts, 12-8 

xntpdc command, 12-9 


Y 


Yellow Pages 
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(SeeNIS ) 
ypcat command, 9-31 
ypmatch command, 9-31 
yppasswd command, 9-31 
ypservers map 

showing contents of, 9-22 
ypwhich command, 9-31 
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